On 11/28/07 11:45, Jason Hawthorne wrote:
> So would the rules look like this then? Because it doesn't seem to be
> working.
>
> iptables -t nat -A POSTROUTING -d DESTINATION-IP -j SNAT --to-source DEBIAN-IP
> iptables -t nat -A PREROUTING -d DEBIAN-IP -j DNAT --to-destination SOURCE-IP

No, you do not want to DNAT to SOURCE-IP. You want to do something like
the following:
On DEBIAN, you would want to do something like the following:

# Redirect traffic originally to DEBIAN to be to DESTINATION
iptables -t nat -A PREROUTING -d DEBIAN-IP -j DNAT --to-destination DESTINATION-IP

# SNAT DNATed traffic from DEBIAN to DESTINATION to be from DEBIAN
iptables -t nat -A POSTROUTING -d DESTINATION-IP -j SNAT --to-source DEBIAN-IP

SOURCE ---> DEBIAN ---> DESTINATION ---> DEBIAN ---> SOURCE
Grant. . . .
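
The address rewriting in the exchange above, traced as an added example that is not part of the original thread. It is a toy model of the PREROUTING/POSTROUTING hooks and the connection-tracking reply mapping, not kernel code; the three addresses are constructed documentation values and the function names are hypothetical.

```python
# Toy model of netfilter NAT for the relay discussed above (added illustration).
# Addresses are constructed RFC 5737 documentation values.
SOURCE, DEBIAN, DESTINATION = "192.0.2.10", "198.51.100.1", "203.0.113.5"

# Rules from the reply: (chain, destination match, action, new address)
RELAY_RULES = [
    ("PREROUTING", DEBIAN, "DNAT", DESTINATION),
    ("POSTROUTING", DESTINATION, "SNAT", DEBIAN),
]
# Rules from the question, where the DNAT target is SOURCE-IP
QUESTION_RULES = [
    ("POSTROUTING", DESTINATION, "SNAT", DEBIAN),
    ("PREROUTING", DEBIAN, "DNAT", SOURCE),
]

def forward(rules, src, dst, conntrack):
    """Run a connection's first packet through PREROUTING, then POSTROUTING."""
    orig = (src, dst)
    for chain in ("PREROUTING", "POSTROUTING"):
        for r_chain, match_dst, action, addr in rules:
            if r_chain == chain and dst == match_dst:
                if action == "DNAT":
                    dst = addr   # rewrite destination before routing
                else:
                    src = addr   # rewrite source after routing
                break            # first matching rule in a chain wins
    # Record the expected reply tuple so replies can be mapped back.
    conntrack[(dst, src)] = orig
    return src, dst

def reply(src, dst, conntrack):
    """Reverse the NAT on a reply arriving at DEBIAN, using the tracked entry."""
    orig = conntrack.get((src, dst))
    if orig is None:
        return None              # untracked packet, nothing to reverse
    orig_src, orig_dst = orig
    return orig_dst, orig_src    # reply leaves as DEBIAN -> SOURCE

def trace(rules):
    """Return (packet leaving DEBIAN, reply delivered to SOURCE or None)."""
    ct = {}
    out = forward(rules, SOURCE, DEBIAN, ct)
    # DESTINATION only answers if the packet actually reached it.
    back = reply(out[1], out[0], ct) if out[1] == DESTINATION else None
    return out, back

if __name__ == "__main__":
    print("reply's rules:   ", trace(RELAY_RULES))
    print("question's rules:", trace(QUESTION_RULES))
```

Both rules as posted match every packet addressed to DEBIAN-IP, including management traffic to the relay host itself, so adding protocol and port matches keeps the redirect limited to the service being relayed.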