Aleksandar Milivojevic wrote:
> You assumed right. However, Netfilter is smart enough to change source
> address on returning packet without explicit SNAT rule(s). As long as
> incoming and outgoing packets are going through the same firewall

Ah ha! I *was* right. :)

If you have more than one router on the network, you need to make sure the internal host uses the same router doing the DNAT for its outbound traffic. On our network we have more than one router doing SNAT for the internal network, which provides redundancy and load sharing. When I set up the inbound DNAT for SSH, I realized that both inbound and outbound streams from the target host had to go through the same router. What I didn't know is that you don't *need* the SNAT. My network just *happens* to be doing it.

Thanks,
Kirk
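The behaviour discussed in this thread, as an added illustration that is not part of the original message: a simplified model of a DNAT router with a connection-tracking table (not netfilter code; the `Router` class, the addresses and the SSH port 22 flow are constructed for the example). With no SNAT rule at all, the reply's source is restored from conntrack state when the reply crosses the same router; when the reply leaves through a second router that never saw the inbound packet, it goes out with the internal address and the client cannot match it to its connection.

```python
"""Simplified model of stateful DNAT and why replies must cross the same router."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Router:
    """Stateful NAT router: DNAT rules plus a conntrack table, no SNAT rule.

    Reply rewriting comes only from conntrack state created by the inbound packet.
    """

    def __init__(self, dnat_rules):
        self.dnat = dnat_rules   # (public_ip, port) -> (internal_ip, port)
        self.conntrack = {}      # (int_ip, int_port, client_ip, client_port) -> (public_ip, port)

    def forward_inbound(self, pkt):
        """Apply DNAT to a packet arriving from the outside and record the reply mapping."""
        rule = self.dnat.get((pkt.dst, pkt.dport))
        if rule is None:
            return pkt
        int_ip, int_port = rule
        self.conntrack[(int_ip, int_port, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return Packet(pkt.src, pkt.sport, int_ip, int_port)

    def forward_outbound(self, pkt):
        """Un-translate a reply if, and only if, this router holds the conntrack entry."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            pub_ip, pub_port = self.conntrack[key]
            return Packet(pub_ip, pub_port, pkt.dst, pkt.dport)
        return pkt  # no state here: packet leaves with the internal source address


def ssh_round_trip(inbound_router, outbound_router):
    """Client -> public address; server reply goes via outbound_router.

    Returns the (source ip, source port) the client sees on the reply.
    """
    client_syn = Packet("198.51.100.7", 40000, "203.0.113.10", 22)  # constructed sample
    to_server = inbound_router.forward_inbound(client_syn)
    reply = Packet(to_server.dst, to_server.dport, to_server.src, to_server.sport)
    seen = outbound_router.forward_outbound(reply)
    return (seen.src, seen.sport)
```

Run `ssh_round_trip(r, r)` for one router versus `ssh_round_trip(r1, r2)` for two routers sharing the same DNAT rule: only the first returns the public address the client connected to.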