Eric:

Where should I put?

"iptables -A POSTROUTING -t nat -d 172.16.12.212 -p tcp --dport 22 \
    -j SNAT --to 172.16.12.130"

Should that command also be executed on the same machine as the previous?

Thanks
Dom

--- Eric Leblond <eric@xxxxxx> wrote:

> On Wed, 2004-09-22 at 16:09, Dominic Iadicicco wrote:
> > Hello all,
> > My devil-Box is at 172.16.12.130 and I want all ssh
> > requests to this .130 address to go to address
> > 172.16.12.212.
>
> go to: it's the easy part:
> iptables -A PREROUTING -t nat -d 172.16.12.130 -p tcp --dport 22 \
>     -j DNAT --to 172.16.12.212
>
> Well, that's for "go to". But let's say A tries to connect to
> 172.16.12.130; then 172.16.12.212 receives a connection from 1 and
> answers to A, which waits for an answer from 172.16.12.130. Bad day
> for him.
> The solution is to change the source address of packets going to
> 172.16.12.212:
> iptables -A POSTROUTING -t nat -d 172.16.12.212 -p tcp --dport 22 \
>     -j SNAT --to 172.16.12.130
>
> Thus we have the following:
> A talks to 172.16.12.130
> packet arrives at 172.16.12.212 with source 172.16.12.130
> packet returns to 172.16.12.130
> which re-emits to A.
>
> BR,
> --
> Eric Leblond <eric@xxxxxx>
> INL
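
Added example, not part of the original thread: a simplified Python model of the exchange Eric describes, with both rules held by the one box at 172.16.12.130, showing why DNAT alone fails and what the SNAT rule changes. It assumes 172.16.12.212 can reach A without passing through 172.16.12.130; the client address 172.16.12.50, port 40000 and all class and function names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
NAT_BOX, SSH_HOST = "172.16.12.130", "172.16.12.212"   # addresses from the thread
CLIENT = "172.16.12.50"                                # constructed: host "A"

class NatBox:
    """Model of the redirecting box; flows plays the role of conntrack."""
    def __init__(self, snat):
        self.snat = snat
        self.flows = {}          # expected reply tuple -> original packet

    def forward(self, pkt):
        # PREROUTING: -d 172.16.12.130 -p tcp --dport 22 -j DNAT --to 172.16.12.212
        if not (pkt.dst == NAT_BOX and pkt.dport == 22):
            return pkt
        out = pkt._replace(dst=SSH_HOST)
        # POSTROUTING: -d 172.16.12.212 -p tcp --dport 22 -j SNAT --to 172.16.12.130
        if self.snat:
            out = out._replace(src=NAT_BOX)
        # Remember what the reply will look like so it can be translated back.
        self.flows[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Undo both translations for a reply that passes through the box."""
        orig = self.flows.get((reply.src, reply.sport, reply.dst, reply.dport))
        if orig is None:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def trace(snat):
    """Return (packet as seen by the SSH host, reply as seen by the client)."""
    box = NatBox(snat)
    at_server = box.forward(Packet(CLIENT, 40000, NAT_BOX, 22))
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # The SSH host answers whatever source address it saw. Only a reply
    # addressed to the NAT box passes through it and gets translated back.
    if reply.dst == NAT_BOX:
        reply = box.reverse(reply)
    return at_server, reply

def connection_works(snat):
    # The client only accepts a reply from the address it connected to.
    _, reply = trace(snat)
    return reply is not None and reply.src == NAT_BOX

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT rule loaded:", snat, "->", trace(snat), connection_works(snat))
```

With the SNAT rule in place, sshd on 172.16.12.212 sees every redirected session as coming from 172.16.12.130, so its logs and any per-source-address controls no longer see the real client address.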