_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: ip6tables equivalent for NAT?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: ip6tables equivalent for NAT?
- From: Kenneth Porter <shiva@xxxxxxxxxxxxxxx>
- Date: Tue, 26 May 2020 12:58:35 -0700
- In-reply-to: <CAJnkzXJQOJ-2MWn-e3gwOQC8RzZWJ=_i9vo-s6fQTOgdryRFeg@mail.gmail.com>
- References: <BF7063BCFF16B8FE6D327B9F@172.27.17.193> <CAJnkzXJQOJ-2MWn-e3gwOQC8RzZWJ=_i9vo-s6fQTOgdryRFeg@mail.gmail.com>
- User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
I figure that TCP is easy: Add a rule to the forward chain to allow SYN
packets. There's already connection tracking to handle established
connections. Does connection tracking handle UDP? If I allow all UDP
from the LAN interface and one sends a DNS query from LAN to WAN, will
the reply get back? I don't want to blanket authorize all UDP. ICMPv6,
maybe, to allow traceroutes. Unless that's also handled by the tracking
system.
- Follow-Ups:
- Re: ip6tables equivalent for NAT?
- From: Chris Adams
- Re: ip6tables equivalent for NAT?
- From: John Pierce
- Re: ip6tables equivalent for NAT?
- References:
- Re: ip6tables equivalent for NAT?
- From: John Pierce
- Re: ip6tables equivalent for NAT?
- Prev by Date: Re: ip6tables equivalent for NAT?
- Next by Date: Re: ip6tables equivalent for NAT?
- Previous by thread: Re: ip6tables equivalent for NAT?
- Next by thread: Re: ip6tables equivalent for NAT?
- Index(es):
 |