DNAT question

Linux Advanced Routing and Traffic Control


Hi

This is an odd question, but here it is. I have two hosts, both with two NICs, physically in two different countries. On one host I have DNAT set up such that all traffic is forwarded to the second host.

iptables -t nat -A PREROUTING -d 0.0.0.0 -j DNAT --to-destination second_host_ip

But what I am trying to imagine is how can I get the second host to un-DNAT the traffic from the first host.

Using an example: a packet from 10.0.0.12 to 195.14.13.2 hits the first host. The first host changes the src address (10.0.0.12) to its WAN addr and changes the destination 195.14.13.2 to the address of the second host, say 212.13.2.234.
212.13.2.234 receives the packet but now has to DNAT it back to 195.14.13.2 and send it off t'internet.


So basically all traffic has to use 212.13.2.234.

So the state table from host one has to be shared with host two, which would mean (worst case) sending an update packet for each packet. This is an unworkable solution. So is there an encapsulation protocol I can use to encode the "real destination"?

I don't have much experience with VPNs, but maybe it is along those lines I should be thinking. Some kind of tunnelling.

Thanks
Ufo Mechanic

Never be afraid to "make clean"
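
Added example, not part of the original post: one tunnelling setup of the kind the question asks about, using an IPIP tunnel so the original destination (195.14.13.2 in the post's example) stays in the inner IP header and host two needs no shared NAT state. The address 198.51.100.1 for host one, the 10.0.0.0/24 LAN, the interface names, the tunnel subnet and the routing table number are assumptions.

```shell
#!/bin/sh
# Added example. Prints the commands by default; APPLY=1 runs them (root needed).
H1_WAN="${H1_WAN:-198.51.100.1}"   # assumed WAN address of host one (placeholder)
H2_WAN="${H2_WAN:-212.13.2.234}"   # host two's address, taken from the post
LAN="${LAN:-10.0.0.0/24}"          # assumed LAN behind host one (post shows 10.0.0.12)
WAN_IF="${WAN_IF:-eth0}"           # assumed WAN interface name on host two
APPLY="${APPLY:-0}"

run() { if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi; }

# Host one: no DNAT at all. LAN packets are routed into the tunnel unchanged,
# so the inner header still carries the real destination.
host_one() {
    run ip tunnel add tun0 mode ipip local "$H1_WAN" remote "$H2_WAN"
    run ip addr add 192.168.255.1/30 dev tun0
    run ip link set tun0 up
    run sysctl -w net.ipv4.ip_forward=1
    # Policy routing: only traffic sourced from the LAN uses table 100.
    # The outer IPIP packets come from H1_WAN, so they follow the main table.
    run ip rule add from "$LAN" lookup 100
    run ip route add default dev tun0 table 100
}

# Host two: decapsulate, route replies back into the tunnel, and SNAT on the
# way out so everything on the Internet sees 212.13.2.234.
host_two() {
    run ip tunnel add tun0 mode ipip local "$H2_WAN" remote "$H1_WAN"
    run ip addr add 192.168.255.2/30 dev tun0
    run ip link set tun0 up
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add "$LAN" dev tun0
    # IPIP (IP protocol 4) has no authentication or encryption:
    # drop encapsulated packets that do not come from the peer.
    run iptables -A INPUT -p 4 ! -s "$H1_WAN" -j DROP
    run iptables -t nat -A POSTROUTING -s "$LAN" -o "$WAN_IF" -j SNAT --to-source "$H2_WAN"
}

# Usage: sh tunnel.sh one   (on host one)   or   sh tunnel.sh two   (on host two)
case "${1:-}" in
    one) host_one ;;
    two) host_two ;;
esac
```

The source-address filter on protocol 4 only limits who can inject packets into the tunnel; traffic between the two hosts still crosses the Internet in the clear, so IPsec or another authenticated, encrypted tunnel is the choice where that matters.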
