Jesse Gordon wrote:
> ----- Original Message -----
> From: "Jesse Gordon" <jesseg@xxxxxxxxxx>
>
>> My box is running a TCP service. When another box tries to my box, my
>> box
>
> I meant 'When another box tries to _connect to_ my box...'
>
> -Jesse
>
>> responds with a reply packet. (Just like it should.)
>> How do I match that (and all subsequent) reply packets so I can SNAT
>> on them?
>>
>> I even tried:
>>
>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 222.222.222.222
>>
>> and sure enough, everything going out eth1 was 'from' 222.222.222.222
>> except the reply packets to incoming connections.
>>
>> Also tried -t nat OUTPUT, -t mangle OUTPUT, etc. Nothing seemed to
>> work.
>>
>> Should I expect such a feat to be possible?
>>
>> Thanks!
>>
>> -Jesse
>>
> I think you are looking for DNAT.

Yep, you want to make DNAT. Let's suppose you have 3 machines: A, B, C; A is behind B and you are on C. You would want to make a DNAT rule on B to A in order to initiate connections from C to A...
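The behaviour Jesse saw follows from how connection tracking drives NAT: the nat table is consulted only for the first packet of a connection, and every later packet, replies included, is rewritten from the mapping stored at that moment. The following toy model is an added example, not code from the thread; the interface names, the address 222.222.222.222 from the post and the other addresses are constructed, and eth1 is assumed to be the public side.

```python
# Added example (not from the thread): a minimal model of netfilter's
# connection-tracking NAT. Assumption: nat rules are evaluated only for
# the first (NEW) packet of a connection; ESTABLISHED packets in either
# direction reuse the stored mapping, so a POSTROUTING SNAT rule never
# gets a chance to rewrite the replies of an inbound connection.

class ConnTrackNat:
    def __init__(self, snat_to=None, dnat_map=None):
        self.snat_to = snat_to            # -t nat -A POSTROUTING -o eth1 -j SNAT --to <snat_to>
        self.dnat_map = dnat_map or {}    # -t nat -A PREROUTING -i eth1 -d <key> -j DNAT --to <value>
        self.table = {}                   # original (src, dst) -> translated (src, dst)

    def packet(self, src, dst, in_iface):
        """Return the (src, dst) a packet carries after NAT.
        eth1 is the public side; anything arriving elsewhere (eth0, or
        "lo" for packets the box generates itself) is assumed to leave via eth1."""
        if (src, dst) in self.table:                  # ESTABLISHED, original direction
            return self.table[(src, dst)]
        for orig, xlat in self.table.items():         # ESTABLISHED, reply direction:
            if (src, dst) == (xlat[1], xlat[0]):      # invert the stored mapping;
                return orig[1], orig[0]               # nat rules are not consulted
        # NEW connection: the only point where PREROUTING/POSTROUTING nat rules apply
        new_dst = self.dnat_map.get(dst, dst) if in_iface == "eth1" else dst
        new_src = self.snat_to if (in_iface != "eth1" and self.snat_to) else src
        self.table[(src, dst)] = (new_src, new_dst)
        return new_src, new_dst

# Constructed addresses: B's public address, the remote client C, and A behind B.
B_PUBLIC, C, A = "198.51.100.2", "203.0.113.7", "10.0.0.5"

def snat_only_reply():
    """Jesse's setup: SNAT on eth1, C connects to a service on B itself."""
    ct = ConnTrackNat(snat_to="222.222.222.222")
    ct.packet(C, B_PUBLIC, "eth1")           # inbound SYN: NEW, no DNAT rule, stored unchanged
    return ct.packet(B_PUBLIC, C, "lo")      # B's reply: reply direction, SNAT never applied

def dnat_reply():
    """The suggested fix: a DNAT rule on B hands C's connection to A."""
    ct = ConnTrackNat(snat_to="222.222.222.222", dnat_map={B_PUBLIC: A})
    ct.packet(C, B_PUBLIC, "eth1")           # NEW: destination rewritten to A
    return ct.packet(A, C, "eth0")           # A's reply: source restored to B's address automatically

def outbound_snat():
    """For contrast: an outbound NEW connection is SNATed, and its replies are un-SNATed."""
    ct = ConnTrackNat(snat_to="222.222.222.222")
    out = ct.packet(A, C, "eth0")                    # NEW outbound: SNAT applies
    back = ct.packet(C, "222.222.222.222", "eth1")   # reply: mapping inverted back to A
    return out, back
```

Running the three scenarios shows that a reply packet's source is always the inverse of what the first packet's mapping recorded, which is why only a rule applied to the first inbound packet (DNAT) changes what the replies look like.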