Dynamic port forwarding with control port
Thu, 02 Aug 2001 18:11:22 -0400
IMHO, sounds like you need a conntrack helper. Study the FTP helper
to get the basic idea of how to create expectations based upon data
in a control channel, then hack it and rewrite it to support your own
stuff. The advantage is that you get seamless access via state, and it's
supported by NAT too.
Eric Laberge wrote:
> I have two computers behind a NAT server. I can forward ports to specific
> machines with no problems. However, I am unable to figure out how to forward
> ports via the use of a control port, mainly for gaming.
> For example, under Linux 2.2 with IPChains and ipmasqadm, I could do the
> ipmasqadm autofw -A -v -r udp 6112 6119 -c tcp 6112
> ipmasqadm autofw -A -v -r tcp 4000 4000 -c tcp 6112
> which will forward udp ports 6112 to 6119 and tcp port 4000 to the computer
> which opened connection to tcp port 6112.
> This allows both my computer access to Battle.Net, though not at the same time,
> This seems so trivial to do with connection tracking that there must exist a
> way to do something similar with IPTables.
> Right now, I tried broadcasting the packet to my LAN, eg.:
> iptables -t nat -A PREROUTING -p udp -i eth1 --dport 6112 6119 -j DNAT --to 192.168.1.255
> though it doesn't seem to work :-(
> Anybody has an idea, before I hack my way with snail-speed, self-made daemons?