This is an odd question. But here it is. I have two hosts both with two nicks physically in two different countries. One host I have DNAT set up on such that all traffic is forwarded to the second host.
iptables -t nat -A PREROUTING -d 0.0.0.0 -j DNAT --to-destination second_host_ip
But what I am trying to imagine is how can I get the second host to un-DNAT the traffic from the first host.
using an example packet from 10.0.0.12 to 195.14.13.2 hits first host. First host changes the src address (10.0.0.12) to its WAN addr and changes the destination 195.14.13.2 to the address of the second host say 212.13.2.234.
212.13.2.234 recieves the packet but now has to DNAT it back to 195.14.13.2 and send off t'internet.
So basically all traffic has to use 212.13.2.234.
So the the state table from host one has to be shared to host two which would mean (worst case)sending an update packet for each packet. This is an unworkable solution. So is there an encapsulation protocol i can use to encode the "real destination".
I dont have much experience with VPN's but maybe it is along those lines I should be thinking. Some kind of tunnelling.
Thanks Ufo Mechanic
Never be afraid to "make clean"
_________________________________________________________________
Use MSN Messenger to send music and pics to your friends http://www.msn.co.uk/messenger
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
