On 11/23/2005 11:46 AM, Jesse Gordon wrote:
> I actually want to rewrite the source IP of TCP packets that exit a given
> ethernet card -- even (especially) if they are generated as responses to
> incoming connections to the box.
>
> Let's say I have 2 machines: S, and C;
> S is the server, and I am on C[lient]. Both machines are sitting on a simple
> isolated flat LAN.
>
> Normally, when C connects to S, S replies with its own source address. This
> is normal operation, and is what I want to alter.
> I wish for the replies from S to reach C with an arbitrarily assigned
> source address.
> (And I want the source address rewrite to be performed inside S)

You can't do this with iptables. NAT rules only match the first packet of a connection, and the NAT mapping that is determined for that first packet is applied to all subsequent packets in that connection.

Furthermore, it doesn't make sense to do this. The client will receive packets from your arbitrarily assigned source address, but will not know what to do with them since it never sent any packets to that address, and so it will just drop them.
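The connection-tracking behaviour the reply describes, as an added toy model in Python (not code from the thread or from netfilter; the hosts, addresses, ports and packet layout are constructed): S carries a POSTROUTING SNAT rule, but the rule is only evaluated for the first packet of a NEW flow, so S's replies to a connection C opened keep S's real source, while a packet from the arbitrary address is dropped by C because it matches none of C's connections.

```python
# Toy model of Linux conntrack NAT, added to illustrate the reply above.
# Not kernel code; hosts, addresses and the packet layout are constructed.

def _key(p):
    return (p["src"], p["sport"], p["dst"], p["dport"])

class NatBox:
    """Host S with 'POSTROUTING -j SNAT --to snat_to'. The rule is consulted
    only for a NEW flow; that decision is stored in conntrack and reused."""
    def __init__(self, ip, snat_to):
        self.ip, self.snat_to, self.conntrack = ip, snat_to, []
    def _entry(self, key):
        for e in self.conntrack:
            if e["orig"] == key: return e, "orig"
            if e["reply"] == key: return e, "reply"
        return None, None

    def receive(self, p):
        # First inbound packet (C->S) creates the entry with C->S as the original
        # direction, so everything S sends back is that flow's REPLY direction.
        if self._entry(_key(p))[0] is None:
            self.conntrack.append({"orig": _key(p), "snat": None,
                                   "reply": (p["dst"], p["dport"], p["src"], p["sport"])})
    def send(self, p):
        p, (e, direction) = dict(p), self._entry(_key(p))
        if e is None:  # NEW flow started by S: the only time the SNAT rule is evaluated
            e = {"orig": _key(p), "snat": self.snat_to,
                 "reply": (p["dst"], p["dport"], self.snat_to, p["sport"])}
            self.conntrack.append(e)
        if direction != "reply" and e["snat"]:
            p["src"] = e["snat"]  # mapping fixed by the first packet, reused afterwards
        return p

class Client:
    """Host C: accepts a packet only if it belongs to a connection C opened."""
    def __init__(self, ip):
        self.ip, self.sockets = ip, set()
    def connect(self, dst, dport, sport=40000):
        self.sockets.add((dst, dport, sport))
        return {"src": self.ip, "sport": sport, "dst": dst, "dport": dport}
    def accept(self, p):
        return (p["src"], p["sport"], p["dport"]) in self.sockets

def scenario():
    """(source of S's reply, C accepts it?, C accepts a packet from 10.0.0.99?, source of a flow S opens)"""
    s, c = NatBox("10.0.0.1", "10.0.0.99"), Client("10.0.0.2")
    s.receive(c.connect(s.ip, 80))
    reply = s.send({"src": s.ip, "sport": 80, "dst": c.ip, "dport": 40000})
    forged = {"src": "10.0.0.99", "sport": 80, "dst": c.ip, "dport": 40000}
    own = s.send({"src": s.ip, "sport": 5000, "dst": c.ip, "dport": 25})
    return reply["src"], c.accept(reply), c.accept(forged), own["src"]
```

The last element of the result shows the one case where the rule does fire: a flow S itself opens is rewritten on its first packet, and every later packet of that flow reuses the stored mapping.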