Grant Taylor wrote:
> This is the command that you would need to run on the fake target to do
> the up and over part:
>
> iptables -t nat -A PREROUTING -i $INet -d $FakeTargetIP -p tcp --dport 22 -j DNAT --to-destination $RealTargetIP:2222
>
> This is the corresponding command that you would need to run on the real
> target to do the down and in part:
>
> iptables -t mangle -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j MARK --set-mark $Mark
> iptables -t nat -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j REDIRECT --to-ports 22

Okay, I understand all this. Is this all that is necessary to make sure the response packets go back through faketarget, though? Isn't this just taking care of the first part (the "up and over/down and in" part) but not the second part, where packets need to go back to the source through faketarget?
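An added example, not part of this thread and not Grant Taylor's rule set: a dry-run script that emits the two quoted rule sets together with the return-path plumbing the question is about. The mechanism shown is the standard one: copy the packet mark onto the conntrack entry (CONNMARK --save-mark), restore it onto the locally generated replies in mangle OUTPUT, and use a fwmark policy-routing rule to send those replies to the fake target as next hop, where conntrack reverses the DNAT. The interface name, addresses, mark value and table number are placeholders, and the script assumes the fake target is a directly reachable next hop on $INet from the real target and forwards traffic.

```shell
#!/bin/sh
# Added example, not from the thread: the quoted rule sets plus the return-path
# plumbing (CONNMARK + fwmark policy routing) on the real target, emitted as
# text so the rules can be reviewed before they are applied.
# Assumed placeholder values; override them from the environment.
INet="${INet:-eth0}"                        # interface facing the source
FakeTargetIP="${FakeTargetIP:-192.0.2.10}"  # assumed address
RealTargetIP="${RealTargetIP:-192.0.2.20}"  # assumed address
Mark="${Mark:-0x1}"                         # fwmark/connmark for the hop
Table="${Table:-100}"                       # routing table for marked replies

# Rules for the fake target ("up and over"). Replies from the real target come
# back through this box, so forwarding must be on; conntrack then reverses the
# DNAT on the reply and the client sees faketarget:22 as the source.
fake_target_rules() {
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "iptables -t nat -A PREROUTING -i $INet -d $FakeTargetIP -p tcp --dport 22 -j DNAT --to-destination $RealTargetIP:2222" \
        "iptables -A FORWARD -i $INet -p tcp -d $RealTargetIP --dport 2222 -j ACCEPT" \
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Rules for the real target ("down and in" plus the return path).
# 1. MARK marks only the inbound packet; CONNMARK --save-mark copies it onto the
#    conntrack entry so the reply direction can find it again.
# 2. REDIRECT lands the packet on local port 22.
# 3. Locally generated replies still carry sport 22 in mangle OUTPUT (the
#    reverse NAT to 2222 happens later, in nat POSTROUTING); restoring the
#    connection mark there makes the kernel re-route them via the fwmark rule
#    into $Table, whose only default route points at the fake target.
real_target_rules() {
    printf '%s\n' \
        "iptables -t mangle -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j MARK --set-mark $Mark" \
        "iptables -t mangle -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j CONNMARK --save-mark" \
        "iptables -t nat -A PREROUTING -i $INet -d $RealTargetIP -p tcp --dport 2222 -j REDIRECT --to-ports 22" \
        "iptables -t mangle -A OUTPUT -p tcp --sport 22 -m connmark --mark $Mark -j CONNMARK --restore-mark" \
        "ip rule add fwmark $Mark table $Table" \
        "ip route add default via $FakeTargetIP dev $INet table $Table"
}

# Usage: ./hop.sh            -> print both rule sets (dry run)
#        ./hop.sh fake | sh  -> apply on the fake target (as root)
#        ./hop.sh real | sh  -> apply on the real target (as root)
case "${1:-show}" in
    fake) fake_target_rules ;;
    real) real_target_rules ;;
    show) echo "# fake target"; fake_target_rules; echo "# real target"; real_target_rules ;;
esac
```

Without the CONNMARK/fwmark half, the real target answers the client directly from its own address and port 2222, which the client never connected to, so the session fails; the policy route is what forces the reply back through the fake target where the DNAT entry can be undone. The return hop only works if the fake target is actually a usable next hop from the real target (same link, or a route to it that does not itself go through the main default gateway).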