Netgate Discussion Forum

    Change NAT Reflection from INETD to SOCAT

    14 Posts 5 Posters 9.8k Views
    • cmb

      I've seen the port conflicts from inetd once, haven't seen a way to replicate it. That has no relation to an issue with doing it in inetd, it's because at some point something tries to launch inetd when it's already running.

      • GoldServe

        I've seen this condition happen when the load balancer kicks in and takes a gateway offline/online.

        Wouldn't it be nice to be able to implement a more flexible redirection program that supports UDP and other neat things?

        • Supermule Banned

          YES! 50$ from me!

          • jimp Rebel Alliance Developer Netgate

            For reference, there is already an open ticket for this in redmine - http://redmine.pfsense.org/issues/2281
            If anyone commits this, make sure to update the ticket. (Or put "Ticket #2281" in the commit message)

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            • Supermule Banned

              Any updates on this?

              • podilarius

                I was looking into this. I found where the calls to load the config for /usr/bin/nc are, but I cannot find in builder tools where the binary is compiled. Is this a part of the kernel build and not a port?

                • jimp Rebel Alliance Developer Netgate

                  nc is included in FreeBSD, so nothing special is needed to ensure it's there.

                  socat would have to be added to the buildports file and copy list for the appropriate branch/version so it would be built and included.

                  • Supermule Banned

                    Thanks Jim.

                    @jimp:

                    nc is included in FreeBSD, so nothing special is needed to ensure it's there.

                    socat would have to be added to the buildports file and copy list for the appropriate branch/version so it would be built and included.

                    • jimp Rebel Alliance Developer Netgate

                      For testing you can always just "pkg_add -r socat" though. Once the code is ready to be used in pfSense we can work out the pfPorts part, that's easy. The hard part is translating all the NC bits to socat.

                      • Supermule Banned

                        Estimated time for this and can it be quickened in any way?

                        • jimp Rebel Alliance Developer Netgate

                          I'm not sure anyone has actually officially picked up the bounty, I was just offering tips to whoever did.

                          • podilarius

                            I am thinking about it … there is a lot to be done for this. To be honest with you, I now use split dns (using the forwarder in pfSense) to access the servers by URL or names. This translates the names into local addresses (even on DMZ) and works without issue for me.

                            • GoldServe

                              @podilarius:

                              I am thinking about it … there is a lot to be done for this. To be honest with you, I now use split dns (using the forwarder in pfSense) to access the servers by URL or names. This translates the names into local addresses (even on DMZ) and works without issue for me.

                              If you use split dns, how do you get around the fact that the external port address is different than the internal port address? For example, I NAT an internal service on port 123 to external 321. The client wants to be able to connect externally (mobile device) and internally when on wifi to port 321. The DNS part I get, how about the port issue?
