Re: redirect to 127.0.0.1 [corrected]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In light of Jason's response about dealing with the kernel's martian code I think a rule like this needs to be added to the solution:

iptables -t mangle -A PREROUTING -d $SERVER -p tcp --dport 11000 -j ROUTE --iif lo --continue
iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 0 -j DNAT --to-destination 127.0.0.1:11000
iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 1 -j DNAT --to-destination 127.0.0.1:11001
iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 2 -j DNAT --to-destination 127.0.0.1:11002
iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 3 -j DNAT --to-destination 127.0.0.1:11003



Grant. . . .

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux