masquerading and UDP forwarding (ip_masq_udp)


Post by Mark Purcel » Tue, 01 Oct 1996 04:00:00



Can anyone point me to a resource for forwarding UDP through a Linux
firewall?

Specifically I am trying to get the VDO protocol back through my firewall
into my masqueraded network.  When I start up a VDO session the remote
server forwards its UDP responses back to port 7000 on my gateway machine,
but I haven't been able to find a way to pipe this through to my internal
hosts.

The VDO firewall documentation suggests that one only needs to open the
firewall to allow UDP port traffic on port 7000, but as my internal network
is masqueraded (192.168.0.0) the network addresses won't make any sense to
the Internet.

I suppose what I need is a generic version of ip_masq_ftp or ip_masq_raudio
which will allow me to set up which ports and where I would like them
forwarded.

Mark


1. forward/masquerade UDP traffic for specific port #

I have a linux box (Red Hat 5.0, kernel version 2.0.32) that is acting
as an internet gateway using IP masquerading to connect an NT PC to
the internet.  Almost all my applications work fine across this, but I
have one specific application that uses UDP and needs to have its
source port number preserved when the packet is forwarded out to the
internet.  Here's the idea:

<----- internal network ----> | <---- outside world -->
                              |
----+                    +----------+
NT  | A.A.A.A    B.B.B.B |  linux   | C.C.C.C
box |--------------------+   box    +----------> internet
    |                    |          |
----+                    +----------+

I have an application on the NT box that needs to connect via UDP to a
box on the internet.  It uses UDP, and sends over a particular port,
call it "N".  It uses the same port for source and destination, and
the server responds using the same ports.  The problem is that the
server won't respond if the source port on the packet is not equal to
"N", and since IP masquerading alters the source port on the outgoing
packet the application doesn't work (the server ignores it).

If the server were at address "D.D.D.D", then I'd like to see this:

A.A.A.A (port N) -> D.D.D.D (port N)   on local network

Linux box then "masquerades" only the IP address (it preserves the
port number)

C.C.C.C (port N) -> D.D.D.D (port N)   to internet

Server responds to a request with:

D.D.D.D (port N) -> C.C.C.C (port N)   back to linux box

Linux box then forwards to NT box:

D.D.D.D (port N) -> A.A.A.A (port N)   on local network

I think I can get the UDP redirection on the incoming packets working,
but I don't see how I can preserve the port number through the linux
box on the outgoing packets.  This is the only host on the internal
network that will use this port number, so any hard-coding in either
direction is OK.  Can this be done?  If so, how?

I would appreciate it if any replies could get copied to my e-mail
address as well...

Thanks,
Steve Chinatti
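A toy model of the translation this post asks for, added here as an illustration (it is not the kernel's ip_masq code and not something the poster wrote): a masquerade table that rewrites the internal source address to the gateway's, either picking a fresh gateway port (the default behaviour that breaks the application) or keeping port N for one designated internal host, and mapping the server's reply back inside while dropping anything that does not match a recorded flow. `GATEWAY`, `FIRST_MASQ_PORT`, the `Packet` class and the value used for N are assumptions.

```python
from dataclasses import dataclass

GATEWAY = "C.C.C.C"       # external address of the Linux box (from the post)
FIRST_MASQ_PORT = 61000   # assumed: masqueraded flows get ports from a high range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Masquerader:
    """Rewrites outbound UDP source addresses and maps replies back."""

    def __init__(self, preserve_ports=()):
        # (internal host, port) pairs whose source port must survive translation
        self.preserve = set(preserve_ports)
        self.out = {}    # (int host, int port, dst, dport) -> gateway port
        self.back = {}   # (gateway port, dst, dport) -> (int host, int port)
        self.next_port = FIRST_MASQ_PORT

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            if (pkt.src, pkt.sport) in self.preserve:
                ext = pkt.sport               # keep port N as the server requires
            else:
                ext = self.next_port          # default: pick a fresh gateway port
                self.next_port += 1
            if (ext, pkt.dst, pkt.dport) in self.back:
                # a second internal host on the same preserved port is ambiguous,
                # which is why the post says only one host may use port N
                raise ValueError(f"gateway port {ext} already mapped")
            self.out[key] = ext
            self.back[(ext, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(GATEWAY, self.out[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # only replies to a recorded outbound flow are forwarded inside;
        # anything else aimed at the gateway port is dropped
        if pkt.dst != GATEWAY:
            return None
        mapping = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if mapping is None:
            return None
        host, port = mapping
        return Packet(pkt.src, pkt.sport, host, port)
```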
