Just reread what you wrote... You mean you have an application talking to
another application on the same host, and can you SNAT and DNAT that
traffic to instead target another host? In that case I'm not sure. Not
sure if the image I linked to covers traffic local to a system.

/Oskar

2009/5/28 Oskar Berggren <oskar.berggren@xxxxxxxxx>:
> See http://jengelh.medozas.de/images/nf-packet-flow.png
>
> /Oskar
>
>
> 2009/5/28 Sharevon <sharevon@xxxxxxxxx>:
>> Hi,
>>
>> The scenario is like,
>>
>> There is a system, which has a LAN interface with ip 192.168.1.1/32
>> and a WAN interface with ip, let's say, 10.0.0.1/32.
>> There are some nat rules in the nat table, trying to map traffic from
>> {src:192.168.1.1:5000, dst:192.168.1.1:6000} to {src:10.0.0.1:6000,
>> dst:10.0.0.2:5000}.
>> Will these nat rules take effect on this local ip traffic?
>>
>> I mean if an application sends ip traffic with src:192.168.1.1:5000
>> and dst:192.168.1.1:6000. Was the nat rule supposed to be applied to
>> change it to ip traffic with src:10.0.0.1:6000 and
>> dst:10.0.0.2:5000? Or does the system just send the ip traffic to
>> 192.168.1.1:6000 directly without the nat rules taking effect?
>>
>> In my system, it seems like the nat rules didn't apply to the traffic,
>> because another application on the other system with ip 10.0.0.2
>> didn't receive any traffic on port 5000. But I'm not sure if other
>> factors impact this, making it look like the nat rules were never
>> applied.
>>
>> Thanks
>> Sean Feng
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html