Port Forwarding - Using the 2.0.30-35 patches

What's Changes

If you haven't used Port Forwarding before, you can skip this section. This is quick guide to the changes since the 2.0.27-9 patches. Most of the changes do not affect the user interface and can ignored.

The code has gone through a major rewrite but I still expect to add at least one more major change. Currently, "Port Forwarding" has isn't using the hash tables properly. I intend to correct this soon in a performance realise.

These Port forwarding patches are for the linux 2.0.30 and 2.0.31 kernels. For earlier kernels, see the earlier patches.

Linux 2.0.30

Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.31.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.31.gz

Linux 2.0.31 (thanks to Ray Bagley for these)

Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.32.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.32.gz

Linux 2.0.32 (thanks to Ray Bagley for these too)

Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.33.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.33.gz

Linux 2.0.33 (and these...)

Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.34.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.34.gz

Linux 2.0.34 (but not these)

Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.36.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.36.gz

Linux 2.0.35 (or these)

Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.37.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.37.gz

Also download the configuration tool (I could have adapted ipfwadm but there already enough versions of this tool so it would have further confused the problem) from:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/ipportfw.c
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/ipportfw.c

Patch the kernel, configure the kernel (remember to enable the CONFIG_IP_MASQUERADE_IPPORTFW option) and recompile (replace x with appropriate version):

cd /usr/src/linux
zcat subs-patch-1.3x.gz | patch -p1

Compile the configuration utility:

gcc ipportfw.c -o ipportfw
chmod a+x ipportfw

Before attempting to setup Port forwarding, set up and use IP Masquerading. Until it's enabled with ipportfw, Port forwarding will not affect IP Masquerading in any way.

To configure redirection of a local port (local refers to the machine running the masquerading), you need to use ipportfw. It's options can be described as:

ipportfw -h
ipportfw

Usage: ipportfw -A -[t|u] l.l.l.l/lport -R a.a.a.a/rport  add entry
       ipportfw -D -[t|u] l.l.l.l/lport                   delete entry
       ipportfw -C                                        clear table
       ipportfw -L                                        list table

l.l.l.l is the local interface receiving packets to be forwarded.
a.a.a.a is the remote address.
lport is the port being redirected.
rport is the port being redirected to.

You need an example? ok.

/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f
/sbin/ipfwadm -F -f

/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a masquerade -S 10.0.0.0/8 -D 0.0.0.0/0
 
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t194.160.1.1/80 -R 10.0.0.2/80
/usr/local/sbin/ipportfw -A -u194.160.1.1/525 -R 10.0.0.2/525
 
/usr/local/sbin/ipportfw -L
Prot Local Addr/Port > Remote Addr/Port                        

TCP 194.160.1.1/80 > 10.0.0.2/80

UDP 194.160.1.1/525 > 10.0.0.2/525


Last updated on 18th December, 1997
SC