NetFilter

How to mangle source packet source ports to a fixed range

To: netfilter@lists.netfilter.org
Subject: How to mangle source packet source ports to a fixed range
From: Steve <netfilter@arntzen.us>
Date: Fri, 9 Feb 2007 09:15:56 -0600
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Sender: netfilter-bounces@lists.netfilter.org
User-agent: KMail/1.8.2
I have a need to set the source packet's high (unprivileged) source ports to a
fixed range of high ports on a firewall providing NAT.

The goal is to be able to identify the inside machines at the destination 
after NAT has changed the addresses.  This is for identification only.  I do 
not need to connect back to the machines inside the firewall.  I realize this 
may break certain protocols which may use dedicated unprivileged ports.

i.e.:

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -s 192.168.0.x --sport 1024:65535 -j REDIRECT --to-ports 2000-2200

The above modifies the destination port based on the source port.  I wish to
modify the source port (--from-ports?).

By already knowing the range of high ports used per internal IP address, I can 
tell which machine inside is sending the data.

If someone knows another way of doing this, I would appreciate any 
suggestions.

Thanks,

Steve.
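The mapping the post asks for is done with SNAT (or MASQUERADE) in the nat
POSTROUTING chain rather than REDIRECT in PREROUTING: `-j SNAT --to-source
EXT_IP:lo-hi` rewrites the source address and confines the source port to the
range lo-hi. The script below is an added example and is not part of the
original post or of the netfilter project; it generates one non-overlapping
port range per inside host so the destination can map an observed source port
back to the inside address. The outside interface eth1, external address
203.0.113.10, the 192.168.0.1-192.168.0.N host numbering, the base port 2000
and the 200-port window per host are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-host SNAT source-port ranges.
# Assumptions: outside interface eth1, external address 203.0.113.10, inside
# hosts 192.168.0.1..192.168.0.N, 200 source ports per host starting at 2000.
# The script only prints iptables commands; review them, then run as root.

EXT_IF="${EXT_IF:-eth1}"
EXT_IP="${EXT_IP:-203.0.113.10}"
BASE_PORT=2000
PORTS_PER_HOST=200

# port_range_for INDEX -> "lo-hi" for the INDEX-th inside host (1-based).
# Fails if the window would run past the 16-bit port space.
port_range_for() {
    idx=$1
    lo=$((BASE_PORT + (idx - 1) * PORTS_PER_HOST))
    hi=$((lo + PORTS_PER_HOST - 1))
    if [ "$hi" -gt 65535 ]; then
        echo "port range for host index $idx exceeds 65535" >&2
        return 1
    fi
    echo "${lo}-${hi}"
}

# snat_rule HOST_IP INDEX -> iptables commands (tcp and udp) as text.
# SNAT --to-source with a port range only applies to tcp/udp, so each
# protocol gets its own rule; other protocols keep their normal NAT mapping.
snat_rule() {
    range=$(port_range_for "$2") || return 1
    for proto in tcp udp; do
        printf 'iptables -t nat -A POSTROUTING -o %s -p %s -s %s --sport 1024:65535 -j SNAT --to-source %s:%s\n' \
            "$EXT_IF" "$proto" "$1" "$EXT_IP" "$range"
    done
}

# host_from_port PORT -> inside address that owns PORT (the reverse lookup
# the destination side performs on a logged source port).
host_from_port() {
    port=$1
    [ "$port" -ge "$BASE_PORT" ] || return 1
    idx=$(( (port - BASE_PORT) / PORTS_PER_HOST + 1 ))
    echo "192.168.0.$idx"
}

# generate_rules N -> rules for hosts 192.168.0.1 .. 192.168.0.N.
generate_rules() {
    i=1
    while [ "$i" -le "$1" ]; do
        snat_rule "192.168.0.$i" "$i" || return 1
        i=$((i + 1))
    done
}

# Usage: sh snat-ranges.sh 50 > apply-rules.sh ; inspect ; sh apply-rules.sh
if [ $# -gt 0 ]; then
    generate_rules "$1"
fi
```

Two caveats a practitioner should keep in mind: a host that opens more
simultaneous connections than its window has ports exhausts the range, so
size PORTS_PER_HOST for the busiest inside host; and if the external address
is dynamic, `-j MASQUERADE --to-ports lo-hi` gives the same per-host port
confinement without hard-coding EXT_IP.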

