On Tuesday 09 December 2003 7:04 pm, Örjan Persson wrote:

> Hello,
>
> I would like to redirect incoming traffic on host1:33 to host2:44!
>
> Tried to find information about this for a day now but all I come up
> with is the DNAT/SNAT solution. The problem with this is when the final
> packet arrives at the host2 it thinks that host1 sends them.
>
> Is there a way to keep the sender's IP?

If both the real source IP and the real destination IP exist on the same interface (directly, or some distance away) of the machine running netfilter, then no, you cannot translate the destination address without altering the source address as well.

The reason is simple:

If you translate only the destination address, then reply packets go direct from destination back to source without going back through the reverse nat, therefore the reply comes back from a different address (the real one) than the original request was sent to.

Only if you also translate the source address do the reply packets come back through netfilter, allowing the reverse translation to occur, keeping both ends of the link happy about what IP they're talking to.

If it is not true that the real source IP and the real destination IP exist on the same interface of the netfilter machine, repost your query with a bit more detail and we may be able to help further.

Antony.

-- 
The difference between theory and practice is that in theory there is no difference, whereas in practice there is.

Please reply to the list;
please don't CC me.
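
The request/reply path described in the reply above, modelled as an added example that is not part of the original message. The addresses and the translated source port are constructed, and the model assumes the client and host2 sit on the same segment as host1, so host2 can answer the client directly.

```python
"""Toy model of DNAT with and without SNAT when client and server share a segment."""

# Constructed documentation addresses (not from the thread).
CLIENT = ("192.0.2.10", 40000)  # real sender
HOST1 = ("192.0.2.1", 33)       # netfilter box; the address the client connects to
HOST2 = ("192.0.2.2", 44)       # real server, same segment as the client


def simulate(snat):
    """Follow one request and its reply.

    Returns (source address host2 sees,
             source address on the reply the client receives,
             whether the client accepts that reply).
    """
    conntrack = {}

    # Request leaves the client addressed to host1:33.
    src, dst = CLIENT, HOST1

    # On host1: destination is rewritten to host2:44 (DNAT).
    new_dst = HOST2
    # On host1: source is optionally rewritten to host1 (SNAT); port is constructed.
    new_src = (HOST1[0], 50000) if snat else src

    # Connection tracking keys on the expected reply (src, dst) and stores
    # the addresses to restore when that reply passes through host1.
    conntrack[(new_dst, new_src)] = (dst, src)

    seen_by_host2 = new_src

    # host2 replies to whatever source address it saw.
    r_src, r_dst = HOST2, seen_by_host2

    # On a shared segment the reply crosses host1 only if addressed to host1.
    if r_dst[0] == HOST1[0]:
        r_src, r_dst = conntrack[(r_src, r_dst)]

    # The client matches replies against the address it originally contacted.
    accepted = r_dst == CLIENT and r_src == HOST1
    return seen_by_host2, r_src, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", simulate(snat))
```

With DNAT only, host2 sees the real sender but the reply arrives from host2's address and is rejected; with SNAT added, the reply is accepted and host2 sees host1 as the source.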