Re: NAT Port Forward problem in a not so simple network

On 04/15/08 11:22, Fabio De Paolis wrote:
> Absolutely CORRECT, your description is very very good.

*nod* Now I know that I am on track and that it is safe to go down the path that I was thinking about.

> Another goal should be to minimize traffic on C for service running on D.

Hum. This new goal may be problematic. The problem is that A is DNATing traffic to C that you now want to be re-directed elsewhere. So without re-configuring A, the traffic is going to continue to be DNATed to C. What is better in the long run is to have A DNAT the traffic to B which will then DNAT the traffic into D.

How much control do you have over B?

Can you request changes be made to A on your behalf?

I recently helped someone else on this list with a similar scenario. However in their scenario both C and D were directly connected to the internet via different providers and there was a VPN between C and D. The goal was to port forward connections originally to C over to D and have the replies go back through C and out to the original client. We ended up getting things to work exactly as they needed to. However all the traffic for the forwarded service was still passing through C on its way to D, which you are now wanting to avoid.



Grant. . . .