RE: UnNATing return packets


 



Sorry, I can't understand your English explanation.
 
When the packets come in off the internet they hit the EXTernal DEVice, where the PREROUTING table converts the EXTernal DESTination address to the INTernal DEVice's DESTination server's IP address.
 
EXTDEV=eth0
DESTIP=203.x.x.x
INTIP=192.168.0.1
 
iptables -A PREROUTING -t nat -i $EXTDEV -d $DESTIP -p tcp --dport 80 -j DNAT --to $INTIP
 
It changes it in PREROUTING because the routing table won't know where 203.x.x.x is, but if it's changed before routing, then routing will know that 192.168.0.1 is inside on eth1 and pass it through the FORWARD chain and out via eth1.
 
Having said that, going out is the same thing except it's POSTROUTING.
 
So 192.168.0.1 responds to the packet, which goes into eth1, then passes through FORWARD and into POSTROUTING, which then says "hey, 192.168.0.1 can't go out onto the net like that" and translates it to the IP which matches the ip_conntrack table entry that the original packets wanted to reach, i.e. $DESTIP.
 
This makes perfect sense..
 
If you can detail what your problem is a bit more, it'll help me to help you.. ;) I hope the above didn't bore you either.. ;))

	-----Original Message----- 
	From: Tim Saunders [mailto:Tim.Saunders@xxxxxxxxxxxxxx] 
	Sent: Fri 23-May-03 5:49 PM 
	To: netfilter@xxxxxxxxxxxxxxxxxxx 
	Cc: 
	Subject: RE: UnNATing return packets
	
	
	 
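A small Python model of the path described in the reply above (DNAT in PREROUTING, routing, FORWARD, and the conntrack-driven un-NAT in POSTROUTING), added here as an illustration; it is not from the original thread and is not netfilter code. The concrete public address 203.0.113.10, the client address 198.51.100.7 and the two FORWARD accept rules are constructed assumptions (the mail only gives 203.x.x.x and the PREROUTING rule). It shows why the rewrite must happen before routing, and that the reply is translated back by the conntrack entry rather than by a second rule, so a reply with no entry is neither accepted nor un-NATed.

```python
from dataclasses import dataclass, replace

# Names taken from the mail; the 203.0.113.10 value is a constructed stand-in for 203.x.x.x.
EXTDEV = "eth0"
INTDEV = "eth1"
DESTIP = "203.0.113.10"   # constructed public address
INTIP = "192.168.0.1"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    in_dev: str
    proto: str = "tcp"

    def key(self):
        """5-tuple used as the conntrack lookup key."""
        return (self.proto, self.src, self.sport, self.dst, self.dport)


# Equivalent of the mail's rule:
# iptables -A PREROUTING -t nat -i $EXTDEV -d $DESTIP -p tcp --dport 80 -j DNAT --to $INTIP
DNAT_RULES = [dict(in_dev=EXTDEV, dst=DESTIP, proto="tcp", dport=80, to=INTIP)]


class Conntrack:
    """Toy ip_conntrack: remembers, per DNATed flow, what the reply tuple will look like
    and which original tuple it belongs to."""

    def __init__(self):
        self.reply_to_orig = {}

    def prerouting(self, pkt):
        # nat PREROUTING: apply DNAT and record the flow so the reply can be un-NATed.
        for r in DNAT_RULES:
            if (pkt.in_dev, pkt.dst, pkt.proto, pkt.dport) == (r["in_dev"], r["dst"], r["proto"], r["dport"]):
                reply_key = (pkt.proto, r["to"], pkt.dport, pkt.src, pkt.sport)
                self.reply_to_orig[reply_key] = pkt.key()
                return replace(pkt, dst=r["to"])
        return pkt

    def is_established(self, pkt):
        return pkt.key() in self.reply_to_orig

    def postrouting(self, pkt):
        # nat POSTROUTING for a tracked reply: source becomes the address the client addressed.
        orig = self.reply_to_orig.get(pkt.key())
        if orig is None:
            return pkt          # untracked packet: leaves with its RFC1918 source unchanged
        return replace(pkt, src=orig[3])   # orig = (proto, src, sport, dst, dport)


def route(pkt):
    """Routing decision: the router only knows the internal subnet is behind eth1."""
    return INTDEV if pkt.dst.startswith("192.168.0.") else EXTDEV


def forward_allowed(ct, pkt, out_dev):
    # Assumed filter rules (not in the mail):
    # iptables -A FORWARD -i eth0 -o eth1 -d $INTIP -p tcp --dport 80 -j ACCEPT
    if (pkt.in_dev, out_dev, pkt.dst, pkt.proto, pkt.dport) == (EXTDEV, INTDEV, INTIP, "tcp", 80):
        return True
    # iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    if pkt.in_dev == INTDEV and out_dev == EXTDEV and ct.is_established(pkt):
        return True
    return False


def traverse(ct, pkt):
    """PREROUTING -> routing -> FORWARD -> POSTROUTING.
    Returns (packet as it leaves, output device) or None if FORWARD drops it."""
    pkt = ct.prerouting(pkt)
    out_dev = route(pkt)
    if not forward_allowed(ct, pkt, out_dev):
        return None
    return ct.postrouting(pkt), out_dev


if __name__ == "__main__":
    ct = Conntrack()
    inbound = Packet("198.51.100.7", 40000, DESTIP, 80, EXTDEV)   # constructed client
    print("routed without DNAT ->", route(inbound))                # eth0: router has no idea 203.x is inside
    print("inbound ->", traverse(ct, inbound))                     # dst 192.168.0.1 via eth1
    reply = Packet(INTIP, 80, "198.51.100.7", 40000, INTDEV)
    print("reply   ->", traverse(ct, reply))                       # src back to 203.0.113.10 via eth0
    stray = Packet(INTIP, 80, "198.51.100.7", 40001, INTDEV)       # no conntrack entry
    print("stray   ->", traverse(ct, stray))                       # None: not ESTABLISHED, dropped
```

The `route(inbound)` call before any translation returns eth0, which is the point made above: unless the destination is rewritten in PREROUTING, the routing decision never sends the packet towards eth1. The stray reply shows the other half: with no entry in the conntrack table there is nothing to un-NAT against, and the state match in FORWARD does not accept it either.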


