UDP mapping (on R80.20)

Hugo_vd_Kooij · ‎2018-11-27

Silly me. I tried to find the answer in Secure Knowledge or in some existing predefined service. But I could not find the answer.

I want to map a port on the firewall to a port on another server. (aka: my honeypot)

It's easy to clone http_mapped and do this for TCP port. But I can't find an example for UDP.

So I did the next best thing and did a trial-and-error attempt:

Clone http_mapped to my own service HoneyPot_SIP
General
1. Match By : Change from IP Protocol 6 to IP protocol 17
Advanced
1. Match: Change tcp to udp
2. Match: Change dport=80 to dport=5060
3. Action: Change 80 to 5060
4. Action: Change 0.0.0.0 to my HoneyPot IP address
Publish and install policy

So far it seems work just fine. Need to do some real capturing to see it the translate actually works.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

PhoneBoy · ‎2018-11-27

Curious why you wouldn’t use regular NAT rules for this (which is what I do).

Hugo_vd_Kooij · ‎2018-11-28

There are some side effects if you do NAT on the gateway itself.

The port mapping does not interfere with other traffic.

But it is also is a matter of taste I guess.

The point was more about documenting HOW to do it.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Danny · ‎2018-11-27

I remember having done this a long time ago as well. There was some advantage, NAT didn't provide back then.

However, keep in mind that any _mapped service won't be accelerated by SecureXL as mentioned by Tim.

Are you a member of CheckMates?