Re: SSH Port Forwarding with iptables

Hi!

Pascal Hambourg wrote:
> You don't need SNAT nor masquerade. It hides the real source address
> from the server. You just need to add a proper route on the server so it
> knows how to reach the client address via the router.
>
> Besides, the SNAT rule proposed by Gaspar could not help because it
> works on the external interface, while the missing route on the server
> requires SNAT/MASQUERADE on the internal interface.

After reading back the whole conversation I found out that you are right! :D
I just thought that we have here a usual "gateway/firewall" scenario.

So you really only need SNAT/MASQUERADE on any interface (mostly on the internet side) if your connected network (internet) does NOT know anything about the other side of your gateway (your LAN).

Swifty
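
The return-path reasoning in this message, as an added example that is not part of the original thread: a small model of the server's route lookup for its reply, comparing no SNAT, SNAT bound to the external interface, SNAT on the internal interface, and a route on the server. The topology, all addresses and the names next_hop and forward are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (every address here is an assumption, not from the thread):
# client 192.0.2.10 --- [ext | router | int 10.0.0.1] --- server 10.0.0.5
CLIENT = ipaddress.ip_address("192.0.2.10")
ROUTER_INT = ipaddress.ip_address("10.0.0.1")
LAN = ipaddress.ip_network("10.0.0.0/24")
CLIENT_NET = ipaddress.ip_network("192.0.2.0/24")

# Server routing tables as (destination network, gateway); gateway None = on-link.
NO_ROUTE = [(LAN, None)]
WITH_ROUTE = [(LAN, None), (CLIENT_NET, ROUTER_INT)]


def next_hop(routes, dst):
    """Longest-prefix match; returns the next hop, or None if unreachable."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def forward(server_routes, snat_on=None):
    """Model one forwarded connection.

    Returns (source address the server sees and logs,
             True if the server's reply goes back through the router).
    """
    # The forwarded packet leaves the router on its internal interface, and
    # SNAT/MASQUERADE is applied on the outgoing interface, so a rule bound
    # to the external interface never matches this packet.
    seen_src = ROUTER_INT if snat_on == "internal" else CLIENT
    return seen_src, next_hop(server_routes, seen_src) == ROUTER_INT


if __name__ == "__main__":
    cases = [
        ("no route, no SNAT", NO_ROUTE, None),
        ("no route, SNAT on external", NO_ROUTE, "external"),
        ("no route, SNAT on internal", NO_ROUTE, "internal"),
        ("route on server, no SNAT", WITH_ROUTE, None),
    ]
    for label, routes, snat in cases:
        src, ok = forward(routes, snat)
        print(f"{label:28} server sees {src}, reply via router: {ok}")
```

Only the last case both completes the connection and leaves the client's real address in the server's logs.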