Quoting David Ruggles, from the post of Wed, 19 Nov:
> (Someone with more knowledge tell me if I'm wrong)

well, I'm no veteran either, but the man page said one can only do DNAT in OUTPUT and PREROUTING while SNAT works only on POSTROUTING which is the other way around from what I need...

> As far as I know the only way to modify packet addresses is to use the
> PREROUTING and POSTROUTING chains in the nat table.
>
> An example might be
>
> Machine A ip 10.0.0.2 ----> Gateway ip 10.0.0.1 eth0 <-> Gateway ip 10.0.0.3 eth1 ----> Machine B ip 10.0.0.2
>
> On Gateway issue following:
>
> iptables -t nat -A PREROUTING -i eth0 -d 10.0.0.1 -j DNAT --to-destination 10.0.0.2
> iptables -t nat -A POSTROUTING -o eth1 -d 10.0.0.2 -j SNAT --to-source 10.0.0.1
>
> I'm not sure this will work though because how will the gateway know to send
> 10.0.0.2 out eth1 and not back out eth0?

my problem precisely...

--
A little something for the ladies
Ira Abramov
http://ira.abramov.org/email/

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/