Marty Leisner wrote:
[snip]
> Right, I don't want any NAT -- I just want it to act as a tcp port relayer
> (connection A-B is reflected on connection B-C)
> where
> A is the source
> B is the relay machine
> C is the destination
> and all machines are on the same lan.

As I said, you need to do both redirection (destination NAT) and source
NAT. In this case, C will only see the IP of B (instead of A), so your
logs (on C) will be somewhat incomplete/inaccurate. This is similar to
running a proxy on B.

But as you see, this is circumvoluted and should be avoided if possible.

If you are trying to do this because the hostname of the C webserver
points to A (happens when C is a webserver reachable from outside), then
consider setting up an internal DNS (or at least an internal DNS view)
so that A goes to C directly.

An alternative is to use routing (on A and C) as Jan said. The problem
is that in this case all flow between A and C will go through B. Also,
consider disabling ICMP redirects (which B would send to both A and C
telling them they can reach each other directly) as appropriate.
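
The destination NAT plus source NAT setup described in the reply above, written out as an added example that is not part of the original message. The function names are hypothetical, the 192.0.2.x addresses and the ports are constructed sample values, and the FORWARD chain on B is assumed to permit the relayed traffic.

```shell
#!/bin/sh
# Added example: print the commands that make relay B forward one TCP port
# to C. Dry run only: nothing is applied, the rules are just written out.

valid_ip() {    # dotted-quad IPv4 check, each octet 0-255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_port() {  # TCP port 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

relay_rules() { # usage: relay_rules B_IP B_PORT C_IP C_PORT
    b_ip=$1 b_port=$2 c_ip=$3 c_port=$4
    valid_ip "$b_ip" && valid_ip "$c_ip" || { echo "bad address" >&2; return 2; }
    valid_port "$b_port" && valid_port "$c_port" || { echo "bad port" >&2; return 2; }

    # B has to forward packets between A and C at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Destination NAT: a connection from A to B:b_port is redirected to C:c_port.
    echo "iptables -t nat -A PREROUTING -p tcp -d $b_ip --dport $b_port -j DNAT --to-destination $c_ip:$c_port"
    # Source NAT: C sees B as the client, so its replies return through B and
    # are translated back. This is why C's logs show B's address, not A's.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $c_ip --dport $c_port -j SNAT --to-source $b_ip"
}

# Constructed sample: B = 192.0.2.2 listening on 8080, C = 192.0.2.3 port 80.
relay_rules 192.0.2.2 8080 192.0.2.3 80
```

Review the printed rules before running them as root on B. Connection tracking handles the reverse translation, so no rule is needed for the reply direction.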