Re: IPTABLES and NATTING

Ajith Adapa wrote:
> Hi
> 
> Sorry, I have some changes in my question as I was confused initially.
> 
>                      linuxbox (p.q.r.t)
>                             |
>                             |
> INTERNAL  ------ ABCD ----- INTERNET
>  (p.q.r.s)                               (m.n.o.k)

Please use a fixed-size font for ASCII art, otherwise it may appear all
garbled to readers. Here I see linuxbox linked to INTERNET instead of
ABCD, and m.n.o.k is linked to nothing.

> ABCD has 3 interfaces connected to linuxbox, INTERNAL N/W, INTERNET.
> 
> I am able to ping from INTERNAL to linuxbox. So there is a path
> available in routing table.
> 
> At present I am snatting the packets from linuxbox to INTERNET at
> ABCD. I have a small doubt regarding the FTP from linuxbox since I
> have to support ftp from linuxbox to both INTERNAL N/W as well as in
> INTERNET.

What kind of doubt?

> How can I write a rule in iptables present in ABCD where it can decide
> if the destination ip-address of ftp server is within INTERNAL N/W or
> in INTERNET and do natting accordingly.

What kind of rule? You can check whether the destination address is in
the internal subnet or you can check the output interface. Usually, SNAT
rules are based on the output interface.

Anyway, I do not see the relation with FTP. If you use FTP and NAT, you
need to load the FTP conntrack and NAT helper modules (nf_conntrack_ftp
and nf_nat_ftp), but you do not need to write specific NAT rules for FTP.
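
The setup described in the reply above, as an added example that is not part of the original message: it prints the commands ABCD would need, with SNAT selected by output interface and the FTP helper modules loaded. The interface name `eth1` and all addresses are constructed placeholders, and the function name `nat_rules` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. It only PRINTS commands;
# review the output, then pipe it to "sh" as root on ABCD to apply it.

# nat_rules WAN_IF WAN_ADDR BOX_ADDR
#   WAN_IF   - ABCD's interface facing INTERNET (assumed name)
#   WAN_ADDR - ABCD's own address on that interface (constructed)
#   BOX_ADDR - address of linuxbox (constructed)
nat_rules() {
    [ $# -eq 3 ] || { echo "usage: nat_rules WAN_IF WAN_ADDR BOX_ADDR" >&2; return 1; }
    wan_if=$1 wan_addr=$2 box_addr=$3
    cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -s $box_addr -p tcp --dport 21 -j CT --helper ftp
iptables -t nat -A POSTROUTING -o $wan_if -s $box_addr -j SNAT --to-source $wan_addr
EOF
    # Line 3: kernels 4.7 and later do not attach conntrack helpers
    #   automatically by default, so the FTP helper is bound explicitly
    #   to linuxbox's control connections with the CT target.
    # Line 4: the SNAT rule matches only traffic leaving through WAN_IF.
    #   FTP from linuxbox to the INTERNAL network leaves through another
    #   interface, matches no NAT rule and is forwarded untranslated.
    #   No FTP-specific NAT rule is needed: nf_nat_ftp rewrites the
    #   addresses carried in PORT/PASV for the translated connection.
}

# Constructed sample values (documentation address ranges).
nat_rules eth1 192.0.2.1 198.51.100.7
```
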
