Nickola,

: Well, in fact I tried a solution with doing DNAT (i.e. destination NAT) in
: both directions - from the client to the server and vice versa. With tcpdump
: I saw that packets are going both directions, but the client application
: refused to accept them. I'm talking about irc. I mean there weren't any
: errors, given by the client, just silence. :)

OK! Now I'm confused. Why would you need to do DNAT in both directions? I thought you said you were using ipchains?

If you have iptables, DNAT is really the answer.....you would DNAT anything inbound from machine A to machine B. Then let the connection tracking take care of the rest.

If you are using DNAT both directions, I'm guessing I don't quite understand your intended configuration or you don't quite understand DNAT. Either way, if you can use DNAT, read up on how to use DNAT at http://iptables-tutorial.frozentux.net/ and try again.

-- OR --

<snip>

: Ehm, yes, I tried with priorities 200 and the default ones, which ip rule
: puts at the end - i.e. around 32765 and below.

So, we are agreed....policy based routing probably isn't the answer in this case.

: > After you have done:
: > # echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
: > can you do something like this:
: > # nc -nlvv -p 3001 -s 77.77.77.77
: > Where 77.77.77.77 is an IP not in use anywhere on your box?
: Yes, I can, but do I have a way to check that someone is indeed
: listening on this port? Except locally, I mean. Because netcat is
: binding to the port with no complaints.

You should be able to use "netstat -ntl" to display the listening sockets on your system.

: > If you were using redir, why doesn't the following work:
: > # redir --laddr=x.x.x.x --lport=993 --caddr=y.y.y.y --cport=993 --transproxy
: No, it yells
: target: connect: Invalid argument

The poor thing is in pain--that's why it's yelping! I don't have any problem with the above command line....are you certain that transproxy support was compiled into your redir?
-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
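
Added example, not part of the original message: on Linux, "netstat -ntl" reports the kernel's TCP socket table, which is also exposed as /proc/net/tcp. The Python below decodes a constructed sample of that table to confirm a LISTEN socket on the non-local address from the nc test (77.77.77.77:3001). The sample rows, the function names and the little-endian host are assumptions.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # kernel TCP state code for LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 4D4D4D4D:0BB9 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    The address is the 32-bit value as stored in memory, so on a
    little-endian host (assumed here) the bytes appear reversed.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(table_text):
    """Return [(ip, port), ...] for every row in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue  # blank or truncated row
        if int(cols[3], 16) != TCP_LISTEN:
            continue  # established, time-wait, etc.
        found.append(decode_endpoint(cols[1]))
    return found


def is_listening(table_text, ip, port):
    """True if a LISTEN socket is bound to exactly ip:port."""
    return (ip, port) in listening_sockets(table_text)


if __name__ == "__main__":
    for ip, port in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"LISTEN {ip}:{port}")
    print(is_listening(SAMPLE_PROC_NET_TCP, "77.77.77.77", 3001))
```

On a live system, pass the contents of /proc/net/tcp instead of the sample. This confirms the bind locally only.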