>                               . .             |
> +-------+                 o * . ~ *           |
> |  my   |--> UDP 1337 --> % . pf  : .       --|--> UDP 31337 --> clouds
> |special|                 + . magic +         |                    and
> |daemon |<-- UDP 1337 <-- * _ , +          <--|--- UDP 31337 <-- stuff
> +-------+                 + * o . ~           |
>                                               |
>           INSIDE MY OPENBSD MACHINE           | OUT ON THE INTERNET
>                                               |
>
> All IP addresses involved should remain the same throughout, and in
> that way this feels a little bit different to NAT: there's no address
> translation since the addresses do not change.
fwiw, even if it's only ports being translated it's still called NAT (PAT
is a subset of NAT) - internally it's all going through the same NAT
functions.
>
> If not pf, maybe relayd would work? I worry that its extra layer of
> indirection might be slow, and I'd like this process to be as fast as
> it can be.
>
> Thanks for any tips!
My two cents: Modify the daemon to listen on the port you want in the
first place.
Most daemons can easily have their port configured. Some might require
breaking out a hex editor... in any event, don't rely on a firewall
layer to do port translation with some NAT gymnastics if you want it to
be as fast as it can be.