From: "Nejc Škoberne" <nejc@skoberne.net>
To: netfilter@vger.kernel.org
Subject: Source port translation only
Date: Tue, 19 Jun 2012 00:28:11 +0200 [thread overview]
Message-ID: <4FDFAB7B.9060002@skoberne.net> (raw)
Hi,
I want to do (stateful) source port translation (restriction actually)
on my outgoing packets, but no source address translation. And I want to
do it for IPv6.
So if there is a TCP packet like this:
SRC ADDR: 2001:db8::10
DST ADDR: 2001:c0de:
SRC PORT: 53523
DST PORT: 80
I want to translate it so that the source port falls into a specific
port range, say [1024:2047]:
SRC ADDR: 2001:db8::10
DST ADDR: 2001:c0de:
SRC PORT: 1500
DST PORT: 80
If the source port is already in the requested port range, no
translation is needed (but the state has to be kept anyway).
Is this possible to do with netfilter? If not, does anybody know for any
other (simple) way to do it?
Thanks,
Nejc
reply other threads:[~2012-06-18 22:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FDFAB7B.9060002@skoberne.net \
--to=nejc@skoberne.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.