On Apr 29 2007 18:50, Martijn Lievaart wrote:
> Adam wrote:
>> I am wondering whether this is possible. I have one port and one public IP
>> address, let's say:
>>
>> 34.123.22.33:5615
>>
>> If I connect using SSH I want to DNAT to port 22, if I connect using SSL I
>> want to DNAT to port 443, if I connect using HTTP I want to DNAT to port
>> 80.
>>
>> Is this kind of upper layer protocol determination possible? If so, is
>> netfilter the application to do it?
>>
>
> No, this is not (easily) possible, and certainly not with iptables. The reason
> is that you need a complete three-way handshake before data starts flowing and
> you can determine what protocol is spoken. However, NAT must act on all
> packets, from the first. Besides, if you could start NATting at a certain
> point, the recipient would not see the three-way handshake, so you cannot
> connect to your final destination.
>
> Your only hope is some kind of proxy. And if you find it, please let me know,
> I would be very interested as well.

rinetd

Jan
--
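The proxy approach from the reply above, as an added example that is not part of the original thread and is not rinetd's code: a userspace proxy completes the TCP handshake itself, reads the client's first bytes, and only then picks a backend. The listen port and backend ports come from the question; the backend host 127.0.0.1, the timeout, and the function names are assumptions.

```python
import asyncio

# Ports are from the question; 127.0.0.1 as the backend host is an assumption.
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 443), "http": ("127.0.0.1", 80)}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
LISTEN_PORT = 5615   # port from the question
PEEK_TIMEOUT = 2.0   # assumed: seconds to wait for the client's first bytes

def classify(first: bytes):
    """Guess the protocol from a client's first bytes; None if unrecognised."""
    if first.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if first[:2] == b"\x16\x03":
        return "tls"
    if first.startswith(HTTP_METHODS):
        return "http"
    return None

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass                      # peer reset: fall through and close
    finally:
        writer.close()

async def handle(client_r, client_w):
    try:
        first = await asyncio.wait_for(client_r.read(64), PEEK_TIMEOUT)
    except asyncio.TimeoutError:
        first = b""
    # Assumption: a silent client is an SSH client waiting for the server banner.
    proto = classify(first) if first else "ssh"
    try:
        backend_r, backend_w = await asyncio.open_connection(*BACKENDS[proto])
    except (KeyError, OSError):   # unrecognised protocol or backend down: drop
        client_w.close()
        return
    backend_w.write(first)        # replay the bytes consumed while peeking
    await asyncio.gather(pipe(client_r, backend_w), pipe(backend_r, client_w))

async def main():
    async with await asyncio.start_server(handle, "0.0.0.0", LISTEN_PORT) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because the proxy terminates the client's TCP connection, the backends see the proxy's address as the source, so per-client logging and address-based access control have to be applied at the proxy.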