Leonardo Rodrigues Magalhães wrote:
If the DNATted machine is NOT the linux router that is doing the DNAT,
you WILL need the SNAT rule too. If you don't use it, the DNATted machine will try
to answer directly to the machine that requested the update. And that
machine is not expecting anything from that IP. So, SNATting to linux router
IP is needed if DNATting to a machine in the network.
Sincerely,
Leonardo Rodrigues
You are right, I assumed that 192.168.64.1 is his gateway and stratum server. If it is,
then what I posted previously should work; if it is not, then he should SNAT also.
iptables -t nat -A PREROUTING -i eth1 -s $LAN_SUBNET -p udp --dport 123 -j DNAT --to-destination 192.168.64.1:124
iptables -t nat -A POSTROUTING -o eth1 -p udp --dport 123 -j SNAT --to-source $GW_LAN_IP
Right? :)
Regards,
Dimitar
--
"The only thing necessary for the triumph of evil is for good men to do nothing."
--Edmund Burke.
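
The asymmetric-reply problem discussed above, as an added example that is not part of the original thread: a small Python model of the packet path with and without the SNAT rule. All addresses are constructed; 192.168.64.10 stands in for a DNAT target on the LAN, 192.168.64.254 for $GW_LAN_IP, and only addresses are rewritten (the port stays 123).

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

CLIENT = "192.168.64.50"      # constructed LAN client
ORIG_NTP = "198.51.100.7"     # constructed server the client originally queried
LAN_NTP = "192.168.64.10"     # hypothetical DNAT target on the same LAN
GW_LAN_IP = "192.168.64.254"  # hypothetical router LAN address ($GW_LAN_IP)

def router_forward(pkt, snat, conntrack):
    """PREROUTING DNAT, then optional POSTROUTING SNAT; record the mapping."""
    out = pkt._replace(dst=LAN_NTP)
    if snat:
        out = out._replace(src=GW_LAN_IP)
    # Connection tracking is keyed on the reply tuple it expects to see.
    conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
    return out

def server_reply(pkt):
    """The NTP server answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def deliver(reply, conntrack):
    """Return the reply as the client finally sees it."""
    if reply.dst == GW_LAN_IP:
        # Reply passes through the router, which reverses both translations.
        orig = conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)
    # Same subnet: delivered straight to the client, bypassing the router.
    return reply

def client_accepts(request, reply):
    """A UDP client only matches replies from the address it queried."""
    return (reply.src, reply.sport, reply.dst) == (request.dst, request.dport, request.src)

def simulate(snat):
    conntrack = {}
    request = Packet(CLIENT, 40000, ORIG_NTP, 123)
    seen = deliver(server_reply(router_forward(request, snat, conntrack)), conntrack)
    return seen, client_accepts(request, seen)

if __name__ == "__main__":
    for snat in (False, True):
        seen, ok = simulate(snat)
        print(f"SNAT={snat}: reply src seen by client={seen.src} accepted={ok}")
```
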