Forward internal packets as though they're external

List,

I have a seemingly simple situation here that I have yet to find a straightforward answer to, so here goes. I have my router/firewall running iptables:

eth0 - 65.9.134.4
eth1 - 192.168.0.1

Then, say an internal machine, "castor":

eth0 - 192.168.0.100

I'm running a BitTorrent tracker on castor's TCP port 6969, and I'm using iptables to forward traffic coming in on the router's eth0, port 6969, to castor's 6969 (nat table, PREROUTING chain). No problem coming in from outside.

The problem arises when I want to connect to castor's BitTorrent tracker from another machine behind the router (on the 192.168.0.0/24 subnet). It's matching the INPUT rule and sending the packet directly to router's port 6969, instead of following the FORWARD rule to castor's 6969, and while this makes sense to me, I don't want it to do it.

So, the simple solution, I say to myself, is to tell iptables to take all packets with destination address of 65.9.134.4 and source address of 192.168.0.0/24 and dport 6969 to go to castor's 6969. In English I think I have it fine. Finding the right syntax/logic in iptablesish is where I get tripped up. I can match the rule fine, I just don't know what action/jump I need to specify to make it redirect.

The rule is:

/sbin/iptables -A INPUT -d 65.9.134.4 -s 192.168.0.0/24 -p tcp --dport 6969

And if I add "-j DROP" or "-j ACCEPT", I get the appropriate action in my testing situation. Now, the question:

What do I have to specify after the above rule definition to either a) get iptables to redirect this packet to my existing nat/PREROUTING chain (which may not be possible), or b) forward it directly to a specified IP:port?

If you need any more specifics or code or if I posted this to the wrong list, just let me know. Thanks in advance.

Regards,
Jon Heese
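The hairpin (loopback) NAT that answers the question, as an added example rather than anything from the post or a reply on the list: DNAT and REDIRECT exist only in the nat table, so the INPUT rule above cannot redirect, and the LAN-side copy of the PREROUTING DNAT needs a matching SNAT so castor's replies return through the router instead of going straight to the client with an address it never connected to. Addresses and interfaces are the post's; the existing external DNAT is assumed to be restricted to -i eth0, and the rules are printed for review rather than executed.

```shell
#!/bin/sh
# Hairpin NAT for the tracker described in the post. Values below come from
# the post; the router's LAN address 192.168.0.1 is used as the SNAT source.
WAN_IP=65.9.134.4
LAN_IF=eth1
LAN_NET=192.168.0.0/24
ROUTER_LAN_IP=192.168.0.1
TARGET=192.168.0.100
PORT=6969

# Emit the iptables commands for one hairpin flow. They are printed, not run,
# so they can be reviewed first; pipe the output into sh to apply them.
hairpin_rules() {
    # 1. Rewrite the destination before routing for LAN clients that connect
    #    to the public address. This must be nat/PREROUTING, not filter/INPUT.
    printf '%s\n' "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $WAN_IP -p tcp --dport $PORT -j DNAT --to-destination $TARGET:$PORT"
    # 2. Without this, castor answers the LAN client directly from
    #    192.168.0.100; the client expected a reply from 65.9.134.4 and resets.
    #    The SNAT is scoped to this one flow so castor's logs keep real client
    #    addresses for every other connection.
    printf '%s\n' "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $TARGET -p tcp --dport $PORT -j SNAT --to-source $ROUTER_LAN_IP"
    # 3. After DNAT the packet traverses FORWARD, not INPUT, and goes back out
    #    the interface it came in on; allow only this flow and its replies.
    printf '%s\n' "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -d $TARGET -p tcp --dport $PORT -j ACCEPT"
    printf '%s\n' "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $TARGET -p tcp --sport $PORT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Number of rules emitted, for a quick sanity check of the generated set.
hairpin_rule_count() {
    hairpin_rules | wc -l | tr -d ' '
}

hairpin_rules
```

Check with `iptables -t nat -L PREROUTING -nv` that the DNAT counter increments when a LAN client connects to 65.9.134.4:6969; if the POSTROUTING counter stays at zero the connection will hang because castor is replying directly.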

