On Tuesday 18 May 2004 4:33 pm, CPD - David Cardeñosa Rubio wrote:

> HI!
>
> if you add
>
> iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp --dport 8080 \
> -j DNAT --to-destination 192.168.0.2:80
>
> you need
>
> iptables -t nat -A POSTROUTING -s 192.168.0.2 -p tcp --dport 80 -j SNAT
> --to 192.168.0.1:8080

No, you don't. Netfilter handles the reverse-natting of reply packets
transparently - you do not need to specify your own rule for them.

The only reason you would want both the above rules is when you want a machine
accessible on a translated IP address, and you also want *new* connections from
that machine to come from the translated address.

In both cases you specify the rule for the "forward" packets, and the "return"
packets get handled by netfilter.

Regards,

Antony.

-- 
"640 kilobytes (of RAM) should be enough for anybody."

 - Bill Gates

Please reply to the list; please don't CC me.
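
Added example, not part of the original message and not netfilter code: a simplified Python model of the behaviour the reply describes, where NAT rules are consulted only for the first packet of a connection and the reverse mapping for replies is recorded at the same time. The `Pkt` and `NatBox` names, the client address 10.0.0.5 and the remote host 10.0.0.9 are constructed for illustration; the DNAT mapping is the one from the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    """TCP packet header reduced to its address 4-tuple."""
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        """The 4-tuple carried by a reply to this packet."""
        return Pkt(self.dst, self.dport, self.src, self.sport)

class NatBox:
    """Toy connection tracker: rules apply to the first packet of a flow only."""
    def __init__(self, dnat=None, snat=None):
        self.dnat = dnat or {}   # (dst, dport) -> (new_dst, new_dport)
        self.snat = snat or {}   # src -> new_src
        self.flows = {}          # packet as received -> packet as forwarded

    def forward(self, pkt):
        if pkt in self.flows:    # known flow, in either direction
            return self.flows[pkt]
        dst, dport = self.dnat.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
        src = self.snat.get(pkt.src, pkt.src)
        out = Pkt(src, pkt.sport, dst, dport)
        self.flows[pkt] = out                  # "forward" direction, from the rule
        self.flows[out.reply()] = pkt.reply()  # "return" direction, no rule needed
        return out

# The DNAT rule quoted in the thread: 192.168.0.1:8080 -> 192.168.0.2:80
DNAT = {("192.168.0.1", 8080): ("192.168.0.2", 80)}

def demo():
    box = NatBox(dnat=DNAT)
    # Constructed client connecting to the translated address.
    to_server = box.forward(Pkt("10.0.0.5", 40000, "192.168.0.1", 8080))
    # The server's reply is un-translated with no SNAT rule present.
    to_client = box.forward(to_server.reply())
    # A *new* connection from the server keeps its real source address...
    plain = box.forward(Pkt("192.168.0.2", 50000, "10.0.0.9", 443))
    # ...unless a source NAT rule for new connections is added as well.
    both = NatBox(dnat=DNAT, snat={"192.168.0.2": "192.168.0.1"})
    translated = both.forward(Pkt("192.168.0.2", 50000, "10.0.0.9", 443))
    return to_server, to_client, plain, translated

if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```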