Re: transparent PAT

Linux Advanced Routing and Traffic Control


On Wed, 27 Nov 2002 14:40:01 -0600 (CST)
"Martin A. Brown" <mabrown-lartc@securepipe.com> wrote:

> OK!  Now I'm confused.  Why would you need to do DNAT in both directions?

Nope, I do NOT want DNAT. That's just a result of my helpless efforts to
do the thing. :)

> I thought you said you were using ipchains?  If you have iptables, DNAT is 
> really the answer.....you would DNAT anything inbound from machine A to 
> machine B.  Then let the connection tracking take care of the rest.

Yes, correct, I'm using ipchains, and no, I can't use iptables. If I could,
which is not the case, I would probably just redirect the connections to the
other host.

> So, we are agreed....policy based routing probably isn't the answer in 
> this case.

Yes, indeed it seems so, at least to my poor understanding.

>  : Yes, I can, but do I have a way to check that someone is indeed
>  : listening on this port? Except locally, I mean. Because netcat is
>  : binding to the port with no complaints.
> 
> You should be able to use "netstat -ntl" to display the listening sockets
> on your system.

OK, I'll try that.

>  : > If you were using redir, why doesn't the following work:
>  : > # redir --laddr=x.x.x.x --lport=993 --caddr=y.y.y.y --cport=993 --transproxy
>  : No, it yells 
>  : target: connect: Invalid argument
> 
> The poor thing is in pain--that's why it's yelping!  I don't have any 
> problem with the above command line....are you certain that transproxy 
> support was compiled into your redir?

Do I need to enable it explicitly? It didn't seem to me that way, because there's
no switch to turn on any features. Just a plain makefile, in which I couldn't find
any transproxy clues.

And anyway, it starts just fine, but begins to print those error messages when I'm
connecting to the port it's listening on. But this is another scenario - there I'm
redirecting all TCP connections directed to port XXXX anywhere in the world to a local
port, where sits redir.
