SNAT (or MASQUERADING) and DNAT question

Linux Advanced Routing and Traffic Control

Hi,

The private addresses (192.168.254.0/255.255.255.0) of my network are sent 
dynamically by DHCP on my network. The DHCP server is on the firewall, whose 
address is 192.168.254.1/255.255.255.255 (this address is static).

I've got an rsync server on this network which is on a separate server. Its 
address is 192.168.254.200/255.255.255.255 (this address is static).

I want the users of the private network to be able to make an rsync request to 
the firewall, and the firewall to forward the request to the rsync server 
transparently.

For the moment, I can do it with shorewall but only by specifying the client 
address. I'm using masquerading and DNAT rules; in the example the client 
address is 192.168.254.107/255.255.255.255:

>masq file
eth0                    192.168.254.107/32        192.168.254.254
eth0                    192.168.254.200/32        192.168.254.254

>rules file
DNAT     loc:192.168.254.107   loc:192.168.254.100         udp     873     -
DNAT     loc:192.168.254.100   loc:192.168.254.107         udp     873     -
DNAT     loc:192.168.254.107   loc:192.168.254.100         tcp     873     -
DNAT     loc:192.168.254.100   loc:192.168.254.107         tcp     873     -

So I would prefer to redirect all rsync traffic from the network. Another 
important thing is that all my hardware is on the same subnet (gateway, 
server, workstations).

I've tried to use SNAT and DNAT iptables rules to do that but without any 
success:

iptables -t nat -A POSTROUTING -d 192.168.254.1 -o eth0 -p tcp --dport 873 -j SNAT --to-source 192.168.254.1
iptables -t nat -A POSTROUTING -d 192.168.254.1 -o eth0 -p udp --dport 873 -j SNAT --to-source 192.168.254.1
iptables -t nat -A PREROUTING -d 192.168.254.1 -p tcp --dport 873 -j DNAT --to-destination 192.168.254.200
iptables -t nat -A PREROUTING -d 192.168.254.1 -p udp --dport 873 -j DNAT --to-destination 192.168.254.200

How can I do this? Do I have to mark the packets?

Thanks in advance for any help, links, ...

-- 
Aurélien MALO - amalo@xxxxxxxxx
Office tel.: 03 21 08 52 42 - Mobile: 06 21 54 23 80

CEntre Ressource du Développement Durable
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
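The setup described in the post is a hairpin (one-armed) NAT: client, firewall and real server all sit on one subnet, so the firewall must rewrite both addresses of the flow, otherwise the server answers the client directly and the client drops a reply from a host it never spoke to. The SNAT rules posted above can never match: DNAT in PREROUTING runs first, so by the time the packet reaches POSTROUTING its destination is already 192.168.254.200, not 192.168.254.1. No packet marking is needed; conntrack undoes both rewrites on the reply path. The script below is an added example, not code from the original post or from the LARTC list. It emits (or, with `--apply`, applies) the rule set for the addresses given in the post; the interface name eth0, the LAN prefix 192.168.254.0/24, the environment variable names and the function name `rsync_hairpin_rules` are assumptions made for the example.

```shell
#!/bin/sh
# Hairpin NAT for rsync (873/tcp and 873/udp) on a firewall that shares one
# subnet with both the clients and the real rsync server.
# Addresses are the ones from the post; interface and prefix are assumed.
FW_IP=${FW_IP:-192.168.254.1}          # firewall address clients connect to
SRV_IP=${SRV_IP:-192.168.254.200}      # real rsync server
LAN=${LAN:-192.168.254.0/24}           # subnet handed out by DHCP
IFACE=${IFACE:-eth0}                   # the single LAN interface (assumed name)

# Print one command per line so the rule set can be reviewed, diffed, or piped
# to sh. Nothing touches the kernel until the caller asks for it.
rsync_hairpin_rules() {
    # Forwarding must be on, or the DNATed packet is dropped before FORWARD.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for proto in tcp udp; do
        # 1. PREROUTING: the packet is still addressed to the firewall here, so
        #    match -d FW_IP and swap in the real server.
        echo "iptables -t nat -A PREROUTING -i $IFACE -s $LAN -d $FW_IP -p $proto --dport 873 -j DNAT --to-destination $SRV_IP"
        # 2. POSTROUTING runs AFTER DNAT: the destination is now SRV_IP, so
        #    that is what must be matched (a -d FW_IP match here never fires).
        #    --ctstate DNAT limits the SNAT to connections we rewrote in step 1,
        #    so ordinary traffic to the server is left alone.
        echo "iptables -t nat -A POSTROUTING -o $IFACE -s $LAN -d $SRV_IP -p $proto --dport 873 -m conntrack --ctstate DNAT -j SNAT --to-source $FW_IP"
        # 3. Let the hairpinned flow through FORWARD (same interface in and out)
        #    in case the chain policy is DROP.
        echo "iptables -A FORWARD -i $IFACE -o $IFACE -s $LAN -d $SRV_IP -p $proto --dport 873 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Replies come back from SRV_IP to FW_IP; conntrack reverses both NATs and
    # this rule admits them through FORWARD.
    echo "iptables -A FORWARD -i $IFACE -o $IFACE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Usage: ./rsync-hairpin.sh           (print the rules)
#        ./rsync-hairpin.sh --apply   (run them, needs root)
case "${1:-}" in
    --apply) rsync_hairpin_rules | sh -e ;;
    *)       rsync_hairpin_rules ;;
esac
```

To check that the hairpin actually happens after applying, run `conntrack -L -p tcp --dport 873` on the firewall during an rsync session: the entry should show the original tuple client -> 192.168.254.1:873 and the reply tuple 192.168.254.200:873 -> 192.168.254.1, which is exactly the double rewrite the rules above perform.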

