If you have a single entry point and a single IP address, this is a non-issue.

    iptables -t nat -A PREROUTING -j DNAT -p tcp --destination-port 22 --destination 10.1.1.1 --to-destination 192.168.1.1

If you have multiple gateways that a PC can use to get out of a network, there is no guarantee that the return packet will take the correct path back through 10.1.1.1. In this case I don't believe there is a way to accomplish this with total transparency. You can use an SNAT rule to make 192.168.1.1 see the middle party, but the originating host would still be unknowing of any NAT occurrences.

Hope this helps.

-----Original Message-----
From: Andrew Brink [mailto:abrink@xxxxxxxxxxxxxxx]
Sent: Thursday, April 03, 2003 1:36 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Traffic Reflecting / Redirecting

All -

I am trying to set up a box that can reflect traffic to another box transparently.

An example would be: Initiate an ssh connection to 10.1.1.1, 10.1.1.1 then sends this packet to 192.168.1.1, then the return path must also go through 10.1.1.1.

The trick is getting this to work transparently, and over the internet, not a local network.

Any thoughts or ideas would be helpful.

Thanks.

Andrew Brink, CCNA, WCSP
NetStandard, Inc.
913-262-3888
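
The DNAT rule and the SNAT rule suggested in the reply at the top of this thread, combined into one ruleset for the relay box (an added example, not part of the original thread). The function names, the log prefix, and the assumption that 10.1.1.1 is the relay's only address are assumptions of this example. Because SNAT makes 192.168.1.1 record the relay as the source of every session, the ruleset also logs new connections on the relay, where the real client address is still visible.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the relay described above.
# gen_reflect_rules and valid_ipv4 are hypothetical helper names.

valid_ipv4() {
    # Reject anything but digits and dots first, so no shell or rule
    # syntax can be smuggled into the generated ruleset.
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

gen_reflect_rules() {
    relay=$1 target=$2 port=$3
    valid_ipv4 "$relay" && valid_ipv4 "$target" || { echo "bad address" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    cat <<EOF
*nat
# Inbound: rewrite the destination so the connection lands on the target.
-A PREROUTING -p tcp -d $relay --dport $port -j DNAT --to-destination $target
# Outbound: rewrite the source so replies must come back through the relay.
-A POSTROUTING -p tcp -d $target --dport $port -j SNAT --to-source $relay
COMMIT
*filter
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# FORWARD runs before POSTROUTING, so the logged source is the real client.
-A FORWARD -p tcp -d $target --dport $port -m conntrack --ctstate NEW -j LOG --log-prefix "reflect-new: "
-A FORWARD -p tcp -d $target --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments, e.g.
#   sh reflect.sh 10.1.1.1 192.168.1.1 22 | iptables-restore --noflush
# (--noflush appends to the existing tables instead of replacing them;
#  forwarding also needs net.ipv4.ip_forward=1 on the relay).
if [ "$#" -eq 3 ]; then
    gen_reflect_rules "$@"
fi
```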