Re: DNAT and local hosts


 



Pascal Hambourg wrote:

3) NAT or MASQUERADE the source address of the redirected connections, so the replies from C1 are routed back to the firewall and can be properly un-DNATed before they reach C2:

iptables -t nat -A POSTROUTING -o eth0 -d 192.168.0.10 \
  -p tcp --dport 1234 -j SNAT --to-source <eth0_address>

Oops, I forgot "-s 192.168.0.0/24" in order to avoid unnecessarily hiding the source address of external connections to C2.

or:

iptables -t nat -A POSTROUTING -o eth0 -d 192.168.0.10 \
  -p tcp --dport 1234 -j MASQUERADE

Same here.
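
An added example, not part of the original message: a small Python model of the POSTROUTING rule applied after DNAT, showing which source address the server at 192.168.0.10 sees with and without the "-s 192.168.0.0/24" match. The firewall address 192.168.0.1 and both client addresses are constructed values, and the firewall is assumed to be the server's default gateway.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")
FW_ETH0 = ipaddress.ip_address("192.168.0.1")  # assumed <eth0_address>

# Constructed clients: one on the LAN, one external (documentation range).
CLIENTS = {"lan_client": "192.168.0.20", "external_client": "203.0.113.7"}


def postrouting_snat(src, restrict_source):
    """Source address the server sees for a packet already DNATed to
    192.168.0.10:1234/tcp and leaving via eth0 (so -o, -d, -p and --dport
    all match). restrict_source=True models adding "-s 192.168.0.0/24"."""
    in_lan = ipaddress.ip_address(src) in LAN
    matches = in_lan if restrict_source else True
    return str(FW_ETH0) if matches else src


def reply_via_firewall(seen_src):
    """True if the server's reply passes back through the firewall, where
    the DNAT can be reversed. Replies to other on-link hosts go direct."""
    addr = ipaddress.ip_address(seen_src)
    return addr == FW_ETH0 or addr not in LAN


def server_view(restrict_source):
    """Map each client to the source address the server would log."""
    return {
        name: postrouting_snat(addr, restrict_source)
        for name, addr in CLIENTS.items()
    }


if __name__ == "__main__":
    print("without -s:", server_view(False))
    print("with    -s:", server_view(True))
```

With the source match in place, the server's logs and any address-based access rules still see the real address of external clients, while LAN clients are still rewritten so their replies return through the firewall.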


