
Translating Ports

Support for port translation is very basic, because here we would really need to keep some state information. The problem is inserting the original port into packets that answer packets we translated. Unless we record that information when we do the forward translation, we cannot translate the return packets, since we have absolutely no way to determine the port the client may have used. This is why bidirectional rules are completely impossible to use with this implementation, and why doing the backward translation 'manually' by specifying an extra rule for it is not generic. Of course, I can specify a rule like

ipnatadm -O -W eth1 -i -D webserver/32 80 \
         -N temp-replacement/32 8888

This will work, since we know exactly the port we have to insert in return packets: it is port 80. So the rule for the return packets will be

ipnatadm -I -W eth1 -i -S temp-replacement/32 8888 \
         -M webserver/32 80

This ensures that the clients connecting to the webserver see the expected source address and port in the packets they get back, which must come from the IP and port they sent their packets to. In this example we have also done IP address translation, not just port translation. Port translation alone makes less sense than IP address translation, but it may still sometimes be useful.
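
The rule pair above can be modelled as two stateless rewrites. The following is an added example, not part of the original document or of ipnatadm: it simulates the forward rule (-D ... -N) and the return rule (-S ... -M), and shows that a return rule can only be derived when the forward rule names a fixed port. `Packet`, `Rule`, `apply`, `inverse`, `round_trip`, the client address and the any-port rule are hypothetical names and constructed values.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    side: str                  # "dst" = forward rule, "src" = return rule
    match_ip: str
    match_port: Optional[int]  # None matches any port (constructed case)
    new_ip: str
    new_port: int

def apply(rule: Rule, pkt: Packet) -> Packet:
    """Rewrite one side of the packet if it matches; no state is consulted."""
    ip_f, port_f = ("dst", "dport") if rule.side == "dst" else ("src", "sport")
    if getattr(pkt, ip_f) != rule.match_ip:
        return pkt
    if rule.match_port is not None and getattr(pkt, port_f) != rule.match_port:
        return pkt
    return replace(pkt, **{ip_f: rule.new_ip, port_f: rule.new_port})

def inverse(rule: Rule) -> Optional[Rule]:
    """Derive the return rule; None when the original port is not in the rule."""
    if rule.match_port is None:
        return None  # only per-connection state could say which port to restore
    other = "src" if rule.side == "dst" else "dst"
    return Rule(other, rule.new_ip, rule.new_port, rule.match_ip, rule.match_port)

def round_trip(forward: Rule, pkt: Packet) -> Optional[Packet]:
    """Return the reply as the client sees it, or None if it cannot be restored."""
    back = inverse(forward)
    if back is None:
        return None
    t = apply(forward, pkt)
    reply = Packet(t.dst, t.dport, t.src, t.sport)  # server answers from where it was reached
    return apply(back, reply)

FORWARD = Rule("dst", "webserver", 80, "temp-replacement", 8888)
CLIENT_PKT = Packet("192.0.2.10", 40001, "webserver", 80)  # constructed sample

if __name__ == "__main__":
    print(round_trip(FORWARD, CLIENT_PKT))
    print(round_trip(replace(FORWARD, match_port=None), CLIENT_PKT))
```

With the fixed-port rule the client sees the reply coming from webserver port 80; with the any-port variant no stateless return rule exists, which is the limitation described above.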


Michael Hasenstein
8/22/1997