Re: Change source address on incoming packets

On Sunday 09 May 2004 10:50 pm, Joel Vosu wrote:

> I would need to be able to change the source address of incoming
> packets. I have 2 different subnets, but I need the server to see the
> packets from the 2nd subnet as coming from the 1st.
> In iptables it would be something like:
> iptables -A PREROUTING -t nat -s 2nd_subnet -j SNAT --to-source
> local_machine
> but this is not possible because SNAT only works for outgoing packets in
> POSTROUTING.
> Is there a way to get this to work other than adding a second router box
> for NAT?

The only way I can think you'd be able to do this on one box is by hacking 
around the source for netfilter so you can use SNAT in PREROUTING.   You'd 
need to be careful about the auto-reverse NAT for reply packets, as well, to 
make sure they go back to the original machine.

Not impossible, by any means, but it's almost certainly easier to dig up an 
old 486 or Pentium and run NAT on that.

Regards,

Antony.

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

                                                     Please reply to the list;
                                                           please don't CC me.


