Port Forwarding - Using the 2.0.30-38 patches
What's Changed
If you haven't used Port Forwarding before, you can skip this section.
This is a quick guide to the changes since the 2.0.27-9 patches. Most of the
changes do not affect the user interface and can be ignored.
- ipsubs has been renamed ipportfw and has an extra option "-L" to list the
current forwarding table
- Port Forwarding now acts on packets destined for a single IP address. As a
result, ipportfw's -u and -t options take an address/port pair - the address is
the address that outside users think they are connecting to.
- You now need to say "Y" to port forwarding in "make config".
The code has gone through a major rewrite but I still expect to add at least one
more major change. Currently, "Port Forwarding" isn't using the hash tables
properly. I intend to correct this soon in a performance release.
These Port forwarding patches are for the linux 2.0.30 and 2.0.31
kernels. For earlier kernels, see the earlier
patches.
Linux 2.0.30
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.31.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.31.gz
Linux 2.0.31 (thanks to Ray Bagley for these)
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.32.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.32.gz
Linux 2.0.32 (thanks to Ray Bagley for these too)
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.33.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.33.gz
Linux 2.0.33 (and these...)
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.34.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.34.gz
Linux 2.0.34 (but not these)
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.36.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.36.gz
Linux 2.0.35 & 2.0.36 (or these)
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.37.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.37.gz
Linux 2.0.38
Download the kernel patches from the main site:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/subs-patch-1.38.gz
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/subs-patch-1.38.gz
Also download the configuration tool (I could have adapted ipfwadm but
there are already enough versions of this tool so it would have further
confused the problem) from:
ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/ipportfw.c
or the backup site (normally much faster to the US):
http://www.monmouth.demon.co.uk/ipsubs/ipportfw.c
Patch the kernel, configure the kernel (remember to enable the
CONFIG_IP_MASQUERADE_IPPORTFW option) and recompile (replace x with appropriate
version):
cd /usr/src/linux
zcat subs-patch-1.3x.gz | patch -p1
Compile the configuration utility:
gcc ipportfw.c -o ipportfw
chmod a+x ipportfw
Before attempting to set up Port forwarding, set up and use IP
Masquerading. Until it's enabled with ipportfw, Port
forwarding will not affect IP Masquerading in any way.
To configure redirection of a local port (local refers to the machine
running the masquerading), you need to use ipportfw. Its options can be
described as:
ipportfw -h
ipportfw
Usage: ipportfw -A -[t|u] l.l.l.l/lport -R a.a.a.a/rport    add entry
       ipportfw -D -[t|u] l.l.l.l/lport                     delete entry
       ipportfw -C                                          clear table
       ipportfw -L                                          list table
l.l.l.l is the local interface receiving packets to be forwarded.
a.a.a.a is the remote address.
lport is the port being redirected.
rport is the port being redirected to.
You need an example? ok.
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f
/sbin/ipfwadm -F -f
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a masquerade -S 10.0.0.0/8 -D 0.0.0.0/0
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t194.160.1.1/80 -R 10.0.0.2/80
/usr/local/sbin/ipportfw -A -u194.160.1.1/525 -R 10.0.0.2/525
/usr/local/sbin/ipportfw -L
Prot Local Addr/Port > Remote Addr/Port
TCP 194.160.1.1/80 > 10.0.0.2/80
UDP 194.160.1.1/525 > 10.0.0.2/525
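Each entry in the forwarding table lets outside users reach an internal host, so it is worth checking that the table matches what was intended. The script below is an added example, not part of the original page or of ipportfw itself; it parses the "ipportfw -L" listing format shown above and compares it with an allowlist whose format and file name are assumptions of this example.

```sh
#!/bin/sh
# Added example: compare "ipportfw -L" output with an allowlist of intended forwards.
# Listing format follows the sample output on this page. The allowlist format
# ("PROTO local/port remote/port", one per line) is an assumption of this example.

# Constructed sample: the two forwards from this page plus one unplanned entry.
SAMPLE_LISTING='Prot Local Addr/Port > Remote Addr/Port
TCP 194.160.1.1/80 > 10.0.0.2/80
UDP 194.160.1.1/525 > 10.0.0.2/525
TCP 194.160.1.1/23 > 10.0.0.3/23'

SAMPLE_ALLOW='tcp 194.160.1.1/80 10.0.0.2/80
udp 194.160.1.1/525 10.0.0.2/525'

# audit_forwards LISTING ALLOWLIST
# Prints "UNEXPECTED ..." for table entries not in the allowlist and
# "MISSING ..." for allowlist entries absent from the table.
# Returns 0 when both agree, 1 otherwise.
audit_forwards() {
    printf '%s\n' "$1" | ALLOW="$2" awk '
        BEGIN {
            n = split(ENVIRON["ALLOW"], rows, "\n")
            for (i = 1; i <= n; i++)
                if (split(rows[i], f, " ") == 3)
                    want[toupper(f[1]) " " f[2] " " f[3]] = 1
        }
        # Data rows look like: TCP 194.160.1.1/80 > 10.0.0.2/80
        NF == 4 && ($1 == "TCP" || $1 == "UDP") && $3 == ">" {
            key = $1 " " $2 " " $4
            if (key in want) seen[key] = 1
            else { print "UNEXPECTED " key; bad = 1 }
        }
        END {
            for (k in want)
                if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit bad + 0
        }'
}

# On the masquerading host (ipportfw path as used on this page):
#   audit_forwards "$(/usr/local/sbin/ipportfw -L)" "$(cat /etc/ipportfw.allow)"
# /etc/ipportfw.allow is a hypothetical file name.
audit_forwards "$SAMPLE_LISTING" "$SAMPLE_ALLOW" || echo "forwarding table differs from allowlist"
```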
Last updated on 22nd October, 2000
SC