Hi Elison,
The conntrack subsystem knows about every connection.
So maybe you need to check that.
Elison Niven wrote:
> Hi List,
> I have two interfaces eth0 and eth1 on my machine.
> My machine has eth0 = 192.168.1.100 and eth1 = 172.16.1.100
> The scenario is that I will be receiving packets at port 10000 on eth0
> of my machine. I do not know from which IP the packets are being
> received (Can be any machine - I do not need to apply a source address
> matching rule).
You may not know the source IP, but your machine will, because it sees
the packets coming from eth0's network.
> I need to forward these packets to another machine B that I do so with
> this rule:
> iptables -t nat -I PREROUTING -i eth0 -p udp \
> --dport 10000 -j DNAT --to-destination 172.16.1.200
> Note that I have not added any -s option to the rule for source
> address matching.
> This also works properly. Now I need to _know_ the source IP and
> source Port of the packets that are being received at port 10000 on
> eth0. (For example to send some data back to the _same_machine_ that
> is sending packets at port 10000)
Again. If the conntrack (in your machine) knows the source IP/port
numbers then it will automagically replace them on the backroute.
It may also be a problem if your response packets are not SNAT-ed. (In
case the sender machines send the packets directly to your machine.)
> How do I achieve this?
> Best Regards,
> Elison
Swifty
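As an added illustration of Swifty's point (not part of the thread), the script below parses conntrack entries in the format of /proc/net/nf_conntrack (also what `conntrack -L` prints) and pulls out the original source IP/port of every UDP flow that was DNAT'ed to 172.16.1.200:10000. The sample entries are constructed; the second tuple on each line is the reply direction conntrack uses to rewrite B's answers back to the sender, which only works if those answers pass through Elison's machine.

```shell
#!/bin/sh
# Added example: read conntrack entries and report who is sending to the
# DNAT'ed port. Each entry carries two tuples: original direction
# (src=client dst=192.168.1.100 ... dport=10000) and reply direction
# (src=172.16.1.200 dst=client ...), i.e. the real destination after DNAT.

# Constructed sample: two DNAT'ed flows and one unrelated DNS flow.
SAMPLE_CT='ipv4     2 udp      17 28 src=192.168.1.50 dst=192.168.1.100 sport=40001 dport=10000 src=172.16.1.200 dst=192.168.1.50 sport=10000 dport=40001 mark=0 use=1
ipv4     2 udp      17 170 src=192.168.1.7 dst=192.168.1.100 sport=5353 dport=53 src=192.168.1.100 dst=192.168.1.7 sport=53 dport=5353 mark=0 use=1
ipv4     2 udp      17 12 src=10.0.0.9 dst=192.168.1.100 sport=5555 dport=10000 [UNREPLIED] src=172.16.1.200 dst=10.0.0.9 sport=10000 dport=5555 mark=0 use=1'

# dnat_sources DPORT REAL_DST
# Reads conntrack lines on stdin and prints "orig_src_ip orig_src_port"
# for every UDP entry whose original destination port is DPORT and whose
# reply-direction source (the DNAT target) is REAL_DST.
dnat_sources() {
    awk -v want_dport="$1" -v real_dst="$2" '
    /udp/ {
        n = 0                      # tuple index: 1 = original, 2 = reply
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")     # tokens like [ASSURED] simply do not match
            if (kv[1] == "src")        { n++; src[n] = kv[2] }
            else if (kv[1] == "dst")   dst[n] = kv[2]
            else if (kv[1] == "sport") sport[n] = kv[2]
            else if (kv[1] == "dport") dport[n] = kv[2]
        }
        if (dport[1] == want_dport && src[2] == real_dst)
            print src[1], sport[1]
    }'
}

main() {
    # On the live box replace the sample with:
    #   cat /proc/net/nf_conntrack | dnat_sources 10000 172.16.1.200
    # or: conntrack -L -p udp 2>/dev/null | dnat_sources 10000 172.16.1.200
    printf '%s\n' "$SAMPLE_CT" | dnat_sources 10000 172.16.1.200
}

main "$@"
```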
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html