On Wed, 2004-09-22 at 16:09, Dominic Iadicicco wrote:
> Hello all,
> My devil-Box is at 172.16.12.130 and I want all ssh
> requests to this .130 address to go to address
> 172.16.12.212.

"Go to": that's the easy part:

    iptables -A PREROUTING -t nat -d 172.16.12.130 -p tcp --dport 22 \
        -j DNAT --to 172.16.12.212

Well, that's for the "go to". But let's say A tries to connect to
172.16.12.130; then 172.16.12.212 receives a connection from 1 and
answers to A, which waits for an answer from 172.16.12.130. Bad day for him.

The solution is to change the source address of packets going to
172.16.12.212:

    iptables -A POSTROUTING -t nat -d 172.16.12.212 -p tcp --dport 22 \
        -j SNAT --to 172.16.12.130

Thus we have the following:
  A talks to 172.16.12.130
  the packet arrives at 172.16.12.212 with source 172.16.12.130
  the packet returns to 172.16.12.130, which re-emits it to A.

BR,
-- 
Eric Leblond <eric@xxxxxx>
INL
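The packet flow described in the message above, as an added example that is not part of the original post: a small Python model of the DNAT rule with and without the SNAT rule. It assumes A, the NAT box and the ssh server share one network segment, so the server answers A directly; A's address and source port are constructed.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

BOX = "172.16.12.130"     # box holding the iptables rules (from the thread)
TARGET = "172.16.12.212"  # real ssh server (from the thread)
CLIENT = "172.16.12.50"   # constructed address for "A"


def forward(pkt, snat):
    """Translate a packet as the nat table on BOX would."""
    if pkt.dst == BOX and pkt.dport == 22:
        pkt = pkt._replace(dst=TARGET)   # PREROUTING: DNAT --to 172.16.12.212
    if snat and pkt.dst == TARGET and pkt.dport == 22:
        pkt = pkt._replace(src=BOX)      # POSTROUTING: SNAT --to 172.16.12.130
    return pkt


def simulate(snat):
    """Return (packet as seen by TARGET, reply as seen by CLIENT)."""
    syn = Packet(CLIENT, 40000, BOX, 22)  # constructed client SYN
    at_target = forward(syn, snat)
    # TARGET answers whatever source address it saw on the incoming packet.
    reply = Packet(at_target.dst, 22, at_target.src, at_target.sport)
    if reply.dst == BOX:
        # The reply crosses BOX again, so connection tracking reverses
        # both translations before the packet goes back to the client.
        reply = reply._replace(src=syn.dst, dst=syn.src)
    return at_target, reply


def client_accepts(reply):
    """A only matches a reply coming from the address it connected to."""
    return reply.src == BOX and reply.dst == CLIENT


if __name__ == "__main__":
    for snat in (False, True):
        seen, reply = simulate(snat)
        print(f"SNAT={snat}: server sees src={seen.src}, "
              f"client gets reply from {reply.src}, "
              f"accepted={client_accepts(reply)}")
```

With the SNAT rule in place, the server at 172.16.12.212 sees every forwarded session as coming from 172.16.12.130, so its sshd logs and any per-source access rules no longer see A's real address.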