On Sunday 09 May 2004 10:50 pm, Joel Vosu wrote:Thanks Antony,
I would need to be able to change the source address of incouming
packets. I have 2 different subnets, but I need the server to see the
packes from the 2nd subnet as coming from the 1st.
in iptables it would be something like:
iptables -A PREROUTING -t nat -s 2nd_subnet -j SNAT --to-source
local_machine
but this is not possible because SNAT only works for outgoing packets in
POSTROUTING.
Is there a way to get this to work other than adding a second router box
for NAT?
The only way I can think you'd be able to do this on one box is by hacking around the source for netfilter so you can use SNAT in PREROUTING. You'd need to be careful about the auto-reverse NAT for reply packets, as well, to make sure they go back to the original machine.
Not impossible, by any means, but it's almost certainly easier to dig up an old 486 or Pentium and run NAT on that.
Regards,
Antony.
But since I'm not that good at hacking source I hope I'll still find an easyer solution. As for the 486 or pentium part... if I cant find anything by tomorrow morning I'll have to use that. Right now I'm checking proxy applications if they can do what is required.
Joel
