Re: NAT for localhost to IP LAN for mail services

Douh..... :(...
Can't I redirect the packet from 127.0.0.1 to 192.168.0.5 and then
192.168.0.3? So 127.0.0.1 and 192.168.0.5 are on the same host and
0.3 is another physical PC. Is this possible?

Thanks :D !

Alan Jairo Acosta

On Thu, Nov 27, 2008 at 6:42 PM, Pascal Hambourg
<pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Zagato wrote:
>>
>> Hi, I'm trying to forward the connection to mail services like SMTP
>> (port 25) from one PC to another. I'm using:
>>
>> _mail_services=25,110,143,995,993
>> _mailserver=192.168.0.3
>> iptables -t mangle -A ftolocal -p tcp -m multiport --destination-ports $_mail_services -j MARK --set-mark 1
>> iptables -t nat -A ftolocal -p tcp -m multiport --destination-ports $_mail_services -j DNAT --to-destination 192.168.0.3
>>
>> where ftolocal is a chain name for mangle and nat...
>>
>> The source IP address is 192.168.0.5 and I want to send localhost
>> connections to 192.168.0.3...
>> When I use the lines above I can:
>> telnet 192.168.0.5 25
>> and it works... giving me:
>> Trying 192.168.0.5...
>> Connected to beta.gps.com.co (192.168.0.5).
>> Escape character is '^]'.
>> 220 alpha.gps.com.co ESMTP Postfix
>>
>> But when I use:
>> telnet localhost 25 or telnet 127.0.0.1 25, that must be equal, I get..
>> Trying 127.0.0.1...
>> and stays there forever.....
>
> The difference may lie in the source address. When you send a packet to a
> local address (127.0.0.0/8, 192.168.0.5) and don't set an explicit source
> address (with -b in telnet), the Linux kernel selects the same local address
> for the source address. After matching the DNAT rule, packets are rerouted
> to the network interface through which the new destination can be reached
> instead of the loopback interface. However, the kernel routing prohibits
> sending packets with a loopback address to a non-loopback interface, i.e.
> outside the host. So packets with source address 192.168.0.5 are sent out,
> but packets with source address 127.0.0.1 are discarded. An additional SNAT
> rule wouldn't help here because it would take place after the packet has
> been discarded.
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
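
The source-address behaviour described in the quoted reply, as an added example that is not part of the original thread: it asks the local kernel which source address it picks for a destination, then applies the reply's rule to the DNAT target from the question. The function names are hypothetical, and the verdict assumes the kernel's default handling of loopback sources (the `route_localnet` sysctl left at 0).

```python
import ipaddress
import socket


def kernel_source_for(dst, port=25):
    """Ask the kernel which source address it would pick for dst.

    connect() on a UDP socket only performs the route lookup and source
    address selection; no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, port))
        return s.getsockname()[0]


def dnat_outcome(orig_dst, dnat_to, bind_src=None):
    """Model one locally generated connection hitting the DNAT rule.

    bind_src stands for an explicit source address (telnet -b); when it is
    None, the kernel's own choice for orig_dst is used.
    Returns (source_address, verdict).
    """
    src = bind_src if bind_src is not None else kernel_source_for(orig_dst)
    src_is_lo = ipaddress.ip_address(src).is_loopback
    new_dst_is_lo = ipaddress.ip_address(dnat_to).is_loopback
    # After DNAT the packet is rerouted toward dnat_to. With default
    # settings a loopback source may not leave through a non-loopback
    # interface, so the packet is dropped at that point, before any
    # POSTROUTING SNAT rule could rewrite the source.
    if src_is_lo and not new_dst_is_lo:
        return src, "discarded"
    return src, "sent"


if __name__ == "__main__":
    mailserver = "192.168.0.3"  # DNAT target from the thread
    # telnet 127.0.0.1 25: the kernel picks 127.0.0.1 as the source.
    print(dnat_outcome("127.0.0.1", mailserver))
    # telnet -b 192.168.0.5 127.0.0.1 25: explicit non-loopback source.
    print(dnat_outcome("127.0.0.1", mailserver, bind_src="192.168.0.5"))
```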
