From what I understand, if I set up a DNAT rule, when a packet matching the rule comes in it is sent to the specified host; obviously this is done by changing the destination field to be the system 'behind' the firewall. It was however my understanding--and what I've seen in practice--that the source field would not be changed. So in other words the source of the packet would still be the host out on the internet that actually sent the original packet. However, I have made a set of DNAT rules that I couldn't get to work. So I set up a packet sniffer at several points. Here is what I noticed, and it has me confused.
The inside computer (A) sends out a UDP packet to the internet-connected computer (B); of course this packet goes through the firewall (FW).
The packet goes out as expected: src A, dst B.
But the weird part is that the response comes back in as src FW, dst A, where I would like it to be src B, dst A!!!
I think this is screwing up the communications. Can anyone help me understand what is happening?
- Craig
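As an added illustration that is not part of Craig's post: a small Python model (my own simplified stand-in for netfilter connection tracking, with constructed addresses) of the two translations involved, DNAT for flows that start outside and MASQUERADE for flows that start inside. In the model, the reply to A's outbound packet is translated back to src B, dst A, which is what the post expects; the firewall's address shows up as a source only on the reply leg of a flow that was DNATed inbound.

```python
from dataclasses import dataclass, replace

FW_PUBLIC = "203.0.113.1"   # firewall's outside address (constructed)
HOST_A = "192.168.1.10"     # inside host A (constructed)
HOST_B = "198.51.100.7"     # internet host B (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    def key(self):
        return (self.src, self.sport, self.dst, self.dport)
    def reverse(self):
        return Packet(self.dst, self.dport, self.src, self.sport)

class NatFirewall:
    """Stateful NAT: DNAT for new flows from outside, MASQUERADE for new flows from inside."""
    def __init__(self, dnat_port, dnat_target):
        self.dnat_port, self.dnat_target = dnat_port, dnat_target
        self.table = {}   # 4-tuple as the firewall sees it -> packet to emit
    def _track(self, orig, xlated):
        self.table[orig.key()] = xlated                      # forward direction
        self.table[xlated.reverse().key()] = orig.reverse()  # reply direction, undone
    def outside_in(self, pkt):
        # packet arriving on the internet-facing interface (PREROUTING)
        if pkt.key() in self.table:
            return self.table[pkt.key()]
        if pkt.dst == FW_PUBLIC and pkt.dport == self.dnat_port:
            xlated = replace(pkt, dst=self.dnat_target)      # DNAT: only dst changes
            self._track(pkt, xlated)
            return xlated
        return pkt   # no NAT rule matched; filtering is out of scope here
    def inside_out(self, pkt):
        # packet leaving from the inside network (POSTROUTING)
        if pkt.key() in self.table:
            return self.table[pkt.key()]
        xlated = replace(pkt, src=FW_PUBLIC)                 # MASQUERADE: only src changes
        self._track(pkt, xlated)
        return xlated

def a_initiates(fw):
    # the post's scenario: A sends UDP to B; returns (packet B sees, reply A sees)
    to_b = fw.inside_out(Packet(HOST_A, 6000, HOST_B, 7000))
    back = fw.outside_in(Packet(HOST_B, 7000, to_b.src, to_b.sport))
    return to_b, back

def b_initiates(fw):
    # DNAT case: B sends to the forwarded port; returns (packet A sees, reply B sees)
    to_a = fw.outside_in(Packet(HOST_B, 40000, FW_PUBLIC, 5000))
    back = fw.inside_out(Packet(HOST_A, 5000, HOST_B, 40000))
    return to_a, back
```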