As far as I understood, ipfilter doesn't do such things originally.
As http://m0n0.ch/wall/docbook/faq-lannat.html says:
Reason. This is due to a limitation in ipfilter/ipnat (which are used in
m0n0wall). Read the ipfilter FAQ for details. m0n0wall does not (and probably
will not) include a "bounce" utility.
And the "bounce" utilities that I was looking at support only the TCP protocol.
iptables and ipfilter are two different pieces of firewall/NAT/ipfilter
software, so if iptables for Linux can do something, it doesn't mean ipfilter
can do the same thing.
Quoting Tanuj <tanuj at ts86 dot net>:
> Dmitry Sorokin wrote:
> > Should it only bounce TCP or UDP as well? If UDP, then none of the bounce
> > utilities support that for now.
> >
>
> Dunno about this bouncing thing, but on Linux I'd do a NAT rule like:
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -j SNAT --to 192.168.1.1
>
> (where 192.168.1.1 is the gateway)
>
> This rule would work as PREROUTING would deal with the 1:1 NAT mappings
> or port forwardings or whatever.
>
> Maybe it's this easy on xBSD? Maybe I don't understand the problem?
>
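
Added example, not part of the original messages: a small Python model of the packet path behind the quoted iptables rule, showing why a LAN client reaching a forwarded service through the public address only gets a usable reply when the gateway also rewrites the source. The addresses 203.0.113.5, 192.168.1.20 and 192.168.1.10 and all function names are constructed for illustration; only 192.168.1.0/24 and 192.168.1.1 come from the quoted rule.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # subnet from the quoted rule
GATEWAY = "192.168.1.1"                        # gateway from the quoted rule
WAN_IP = "203.0.113.5"                         # constructed public address
SERVER = "192.168.1.20"                        # constructed internal server
CLIENT = "192.168.1.10"                        # constructed LAN client


def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def gateway_forward(src, dst, hairpin_snat):
    """Model the gateway: destination rewrite first, then optional source rewrite."""
    if dst == WAN_IP:
        dst = SERVER          # PREROUTING: port forward / 1:1 NAT mapping
    if hairpin_snat and in_lan(src) and in_lan(dst):
        src = GATEWAY         # POSTROUTING: -s LAN -d LAN -j SNAT --to gateway
    return src, dst


def client_sees_reply_from(hairpin_snat):
    """Source address on the reply as it arrives at the LAN client."""
    seen_src, seen_dst = gateway_forward(CLIENT, WAN_IP, hairpin_snat)
    reply_src, reply_dst = seen_dst, seen_src   # server answers what it saw
    if reply_dst == GATEWAY:
        # The reply goes back through the gateway, whose connection tracking
        # undoes both rewrites, so the client sees the address it dialled.
        return WAN_IP
    # The reply is addressed to a host on the server's own subnet, so it is
    # delivered directly on the LAN and never passes through the gateway.
    return reply_src


def connection_works(hairpin_snat):
    """The client only accepts a reply from the address it connected to."""
    return client_sees_reply_from(hairpin_snat) == WAN_IP


if __name__ == "__main__":
    for snat in (False, True):
        print("hairpin SNAT:", snat,
              "| reply source:", client_sees_reply_from(snat),
              "| works:", connection_works(snat))
```
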