On 11/01/2010 09:09 AM, Jan Engelhardt wrote:
> On Monday 2010-11-01 13:46, Stephen Clark wrote:
>>> Oh, iptables can also do it. Please see iptables target TEE and
>>> RAWNAT in xtables-addons. http://xtables-addons.sourceforge.net/
>> In testing this it looks like, to me anyhow, that the cloned packet
>> gets sent to the new gw with the original destination address, so
>> now the destination address has to get fixed up on the gw, this
>> seems pretty kludgy to me. Why can't the cloned packet simply have
>> its destination address replaced with the new destination address?
> Because that would incur a loss of information (namely, the
> destination address).
>> This seems to me like it would make a lot more sense, instead of
>> having to make changes to the packet on two different systems.
> You can do the changes on a single machine if you want to.

I am not sure on how to go about doing that, looking at the code for
TEE it looks like the cloned packet bypasses any of the remaining
iptables chains. So where would I change the destination address?
Also if I am mistaken and it does hit one of the remaining iptables
chains how do I tell it is not the original but the cloned packet I
want to change to the new destination address?

Anyway thanks for your response.
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)