Hi,

On Fri, 2003-08-15 at 11:29, SBlaze wrote:
> I've been toying around with the idea of redirecting unwanted traffic to the
> discard surface. I'm having trouble understanding some concepts though. Could
> anyone please explain this in more detail or perhaps suggest a way to
> accomplish this.
>
> On the filter tables using INPUT there is no way to change or alter the
> destination of packets and cause them to be sent to another port?

No. You cannot change the source or destination in the filter table. Use the
nat table for this. In the nat table you can change the source (POSTROUTING)
and the destination (PREROUTING, OUTPUT).

> Using the POSTROUTING chain in the nat table is impossible to effectively
> filter traffic via specific matches due to the fact that POSTROUTED packets are
> sort of "lumped together" for lack of a better way to explain it?

You want the PREROUTING chain since you want to redirect (change the
destination). And yes, when using NAT you only see the first packet of each
connection in the nat table. All other packets are automatically natted
identically.

Cheers,

Ralf

-- 
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
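As an added illustration of Ralf's answer (this is example code, not part of the thread), the following script generates the iptables rules that send unwanted traffic to the local discard service: the destination rewrite goes into the nat PREROUTING chain, where only the first packet of each connection is seen, and the filter INPUT rule must match the rewritten destination port. It assumes a discard listener on TCP/UDP port 9 (RFC 863) and the classic `-m state` match; the port list and `APPLY` switch are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Generates (and, only on
# request, applies) iptables rules that redirect unwanted traffic to the
# local discard service on port 9. Assumes a discard listener is running.

DISCARD_PORT=9

# rules_for <proto> <port>: print the two rules needed for one unwanted port.
rules_for() {
    proto=$1; port=$2
    # Destination changes are only possible in the nat table. REDIRECT is
    # valid in nat PREROUTING (incoming) and nat OUTPUT (locally generated),
    # never in the filter INPUT chain, which is what the question tried.
    # The nat table only sees the first packet of each connection (state
    # NEW); conntrack NATs every later packet of that connection identically,
    # so the match here must identify the connection, not individual packets.
    echo "iptables -t nat -A PREROUTING -p $proto --dport $port" \
         "-m state --state NEW -j REDIRECT --to-ports $DISCARD_PORT"
    # The filter table runs after nat PREROUTING, so INPUT sees the rewritten
    # destination: accept the discard port, not the original port.
    echo "iptables -A INPUT -p $proto --dport $DISCARD_PORT -j ACCEPT"
}

# redirect_all "proto:port proto:port ...": rules for a whole list.
redirect_all() {
    for spec in $1; do
        rules_for "${spec%%:*}" "${spec#*:}"
    done
}

# apply_rules <list>: dry run by default; executes only when APPLY=1 as root.
apply_rules() {
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
        redirect_all "$1" | sh -e
    else
        redirect_all "$1"
    fi
}

# Constructed sample list of ports to divert (telnet, netbios-ns, tftp).
apply_rules "tcp:23 udp:137 udp:69"
```

Run it once without `APPLY` to review the commands, then `APPLY=1` as root to load them; the rules do not survive a reboot unless saved by your distribution's usual mechanism.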