On Fri, 2003-11-28 at 19:32, mailinglist@xxxxxxxxx wrote:
> I have a network which has a gateway with iptables on it. I want
> iptables to send all data bound for an external server (e.g. server.com or
> 20.20.20.20) to a third server (server_mirror.com). So iptables needs to
> rewrite the header on every packet bound for the intended server
> (server.com) so that the packets get routed to the third server
> (server_mirror.com).

This is easy. You just do DNAT in PREROUTING.

> Also, the third server and the person making the request
> are making a socket connection that sends data two ways.

Is this an additional connection? Which end will initiate the connection?

If it is the client (person) and you know the used ports, it is easy (see above).
If you do not know the ports and the client initiates the connection, it is easy but somewhat unsafe.
If the server initiates the connection it becomes even more unsafe.
If you do not know the server (any server on the internet) it is completely unsafe unless you write a conntrack_helper module for iptables (C hacking).

Cheers,

Ralf

--
Ralf Spenneberg RHCE, RHCX
Book: VPN mit Linux
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
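The DNAT-in-PREROUTING setup Ralf describes, written out as an added example (this is not code from the thread): a script for the gateway that emits the iptables rules for both the "client initiates, port known" case and the "client initiates, ports unknown" case his reply calls somewhat unsafe. The original server address 20.20.20.20 comes from the question; the mirror address 30.30.30.30, the LAN-facing interface eth0, the service port 80 and the choice of TCP are assumptions for illustration. The rules are printed rather than applied so they can be reviewed without root; pipe the output to sh as root to install them.

```sh
#!/bin/sh
# Added example, not from the original post. Redirects client traffic bound
# for server.com (20.20.20.20) to server_mirror.com by rewriting the
# destination in the nat table's PREROUTING chain on the gateway.
# Assumed values (not in the thread): mirror 30.30.30.30, LAN interface eth0,
# service port 80, protocol TCP.

# "Port known" case: only the service port is redirected. The DNAT happens
# before the routing decision, so the packet is routed towards the mirror;
# conntrack reverses the translation on the replies automatically.
dnat_known_port() {
    orig=$1 mirror=$2 lanif=$3 port=$4
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$lanif" "$orig" "$port" "$mirror" "$port"
    # The filter FORWARD chain sees the packet after DNAT, so match on the
    # mirror address there; allow the new connection and its replies.
    printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$lanif" "$mirror" "$port"
    printf 'iptables -A FORWARD -o %s -p tcp -s %s --sport %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$lanif" "$mirror" "$port"
}

# "Ports unknown, client initiates" case: every TCP connection a client opens
# to server.com lands on the mirror, whatever the port. That is the variant
# the reply calls somewhat unsafe, because any service the mirror exposes
# becomes reachable under server.com's address.
dnat_all_ports() {
    orig=$1 mirror=$2 lanif=$3
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s -j DNAT --to-destination %s\n' \
        "$lanif" "$orig" "$mirror"
    printf 'iptables -A FORWARD -i %s -p tcp -d %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$lanif" "$mirror"
    printf 'iptables -A FORWARD -o %s -p tcp -s %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$lanif" "$mirror"
}

# Emit the known-port rule set for the addresses from the question.
echo '# the gateway must forward packets at all'
echo 'sysctl -w net.ipv4.ip_forward=1'
dnat_known_port 20.20.20.20 30.30.30.30 eth0 80
```

This works because both directions of the connection pass through the gateway: the client is behind it and the mirror is an external host, so the conntrack entry created by the DNAT sees the replies and rewrites their source back to 20.20.20.20. If the mirror were instead on the same LAN as the client, its replies would bypass the gateway and the connection would break; that layout needs an additional SNAT or MASQUERADE rule in POSTROUTING so the mirror answers to the gateway.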