Re: DNAT

Hi.

>> I have a problem with DNAT. I want to set up portforwarding. In local
>> network I have two servers and workstations. One (main) server is listening
>> at some port, let's say 4444. The other one also acts like a gateway
>> to internet and I set up a portforwarding like this:
>>
>> iptables -t nat -A PREROUTING -p tcp --dport 4444 -j DNAT --to 192.168.1.1:4444
>>
>> where 192.168.1.1 is the IP of the main server which runs the service.
>> If I try to connect from outside, everything works fine. If I try to
>> connect from one of workstations to the gateway machine to port 4444,
>> nothing happens. tcpdump shows just requests but no answers. Why
>> doesn't DNAT work also for local IP addresses?

> I'm assuming that the internal client has an address like 192.168.1.x.

Exactly.

> Generally if a packet goes out the same interface it came in, that
> indicates that something nasty is going on, but in your case "that's not a
> bug, that's a feature".  I seem to remember a specific prohibition against
> mirror-style routing (maybe for a different OS), but I looked in
> /usr/src/linux/Documentation/filesystems/proc.txt and failed to find where
> it could be enabled and disabled.

> Can someone comment on whether this prohibition is present in Linux, and
> how to configure it?

I would really appreciate it. Thanks, Jim!

-- 
Nejc Skoberne
Grajska 5
SI-5220 Tolmin
E-mail: nejc.skoberne@xxxxxxxxxxxxxx
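
Added example, not part of the original message: a small Python model of the address rewriting for the setup described above, comparing a connection from outside with one from a workstation on the same subnet as the server. The gateway's LAN and public addresses, the workstation address and the outside client address are assumptions (the thread only gives 192.168.1.1 and port 4444), and the model assumes the server's default route points at the gateway.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
SERVER = "192.168.1.1"          # main server, from the thread
GATEWAY_LAN = "192.168.1.254"   # assumed: gateway's LAN address
GATEWAY_WAN = "198.51.100.1"    # assumed: gateway's public address
WORKSTATION = "192.168.1.50"    # assumed: a "192.168.1.x" client
OUTSIDE = "203.0.113.7"         # assumed: a client on the internet


def trace(client, dialed, hairpin_snat=False):
    """Follow one TCP SYN to dialed:4444 and the server's reply.

    Returns the source address of the reply as the client receives it,
    whether the reply passed back through the gateway, and whether the
    client can match it to the connection it opened.
    """
    src, dst = client, dialed
    # Gateway, nat PREROUTING: DNAT rewrites the destination.
    dst = SERVER
    # Gateway, nat POSTROUTING (optional), for example:
    #   iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.1 \
    #            -p tcp --dport 4444 -j SNAT --to-source <gateway LAN address>
    if hairpin_snat and ip_address(src) in LAN:
        src = GATEWAY_LAN
    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    # A destination on the server's own subnet is reached directly;
    # anything else, or the gateway itself, goes back to the gateway.
    via_gateway = reply_dst == GATEWAY_LAN or ip_address(reply_dst) not in LAN
    if via_gateway:
        # Connection tracking on the gateway undoes the translations.
        reply_src, reply_dst = dialed, client
    # The client only accepts a reply coming from the address it dialed.
    return {
        "reply_src": reply_src,
        "via_gateway": via_gateway,
        "accepted": reply_src == dialed,
    }


if __name__ == "__main__":
    print("outside :", trace(OUTSIDE, GATEWAY_WAN))
    print("LAN     :", trace(WORKSTATION, GATEWAY_LAN))
    print("LAN+SNAT:", trace(WORKSTATION, GATEWAY_LAN, hairpin_snat=True))
```

In the plain LAN case the reply reaches the workstation with source 192.168.1.1 instead of the gateway address it dialed, so it is not matched to the open connection; with the source also rewritten on the gateway, the reply returns through the gateway and is translated back.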


