Hi,

I have a Linux machine (say B) with two interfaces (eth0 - 192.168.1.1 and eth1 - 192.168.55.1). This Linux machine works as a gateway machine. eth0 is connected to the LAN network and eth1 is connected to the WAN network. The rules below are applied on the gateway machine:

    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A INPUT -i eth1 -j DROP
    iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth0 -j DROP
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

    LAN ---> eth0 : Gateway Linux machine : eth1 ---> WAN

We have a machine called A, connected to the LAN network and assigned the IP 192.168.1.100, and its gateway is machine B's eth0 interface (192.168.1.1).

If I access "google.com" from machine A, a SYN packet with dest IP a.b.c.d (google.com's IP) and dest port 80 will go to machine B (the default gateway). Since we are masquerading all the packets, it will change the source IP to 192.168.55.1 and the source port to some random port (say portx). Packets from the server will have the 192.18.55.1 IP and portx as port. This will be changed back to the original IP and port by the conntrack module.

My question is: if I create a packet with source IP 192.168.55.1 and dest port portx, can I get into machine B from the WAN side?

Thanks,
Ratheesh.
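An added toy model (not from the post or netfilter itself) of what conntrack does with a packet that arrives on eth1 under the rules above: an entry is matched on the full reply 5-tuple, not on the destination port alone, so a packet from some other WAN host aimed at 192.168.55.1:portx is NEW and falls to the INPUT -i eth1 DROP rule. The addresses 203.0.113.10 (for a.b.c.d), 198.51.100.7 and the ports 51000/40000 (for portx) are constructed values, and STATEFUL_RULES is an assumed variant of the posted ruleset, not something on the page.

```python
from collections import namedtuple
# Connection 5-tuple as conntrack sees it (proto, source ip/port, destination ip/port)
Tuple5 = namedtuple("Tuple5", "proto src sport dst dport")
WAN_IP = "192.168.55.1"  # B's eth1 address from the question

def masquerade(orig, nat_port):
    """Conntrack entry written when A's SYN leaves eth1 under MASQUERADE; the
    reply tuple is the exact inverse of the translated packet, not just a port."""
    reply = Tuple5(orig.proto, orig.dst, orig.dport, WAN_IP, nat_port)
    return {"orig": orig, "reply": reply}

def classify(pkt, table):
    """ESTABLISHED only when the full 5-tuple equals a stored reply tuple, else NEW."""
    return "ESTABLISHED" if any(pkt == e["reply"] for e in table) else "NEW"

# (chain, in_if, out_if, state, target) mirroring the rules posted above
POSTED_RULES = [
    ("INPUT", "eth0", None, None, "ACCEPT"),
    ("INPUT", "eth1", None, None, "DROP"),
    ("FORWARD", "eth0", "eth1", None, "ACCEPT"),
    ("FORWARD", "eth1", "eth0", None, "DROP"),
]
# Same rules with a stateful accept for return traffic in front (assumed fix, not on the page)
STATEFUL_RULES = [("FORWARD", None, None, "ESTABLISHED", "ACCEPT")] + POSTED_RULES

def first_match(chain, in_if, out_if, state, rules):
    """First rule in the chain whose interface/state fields match decides; None is a wildcard."""
    for c, i, o, s, target in rules:
        if c == chain and i in (None, in_if) and o in (None, out_if) and s in (None, state):
            return target
    return "ACCEPT"  # chain policy: assumed ACCEPT, the post sets none

def verdict(pkt, table, rules):
    """Trace a packet that arrived on eth1 through conntrack, routing and the chains."""
    state = classify(pkt, table)
    if state == "ESTABLISHED":
        # PREROUTING reverses the masquerade, so the packet is routed to A out eth0
        return "FORWARD:" + first_match("FORWARD", "eth1", "eth0", state, rules)
    # Nothing to de-NAT: the destination is B's own address, so INPUT decides
    return "INPUT:" + first_match("INPUT", "eth1", None, state, rules)

def demo():
    """Constructed values: 203.0.113.10 stands in for a.b.c.d, 40000 for portx."""
    syn = Tuple5("tcp", "192.168.1.100", 51000, "203.0.113.10", 80)
    table = [masquerade(syn, 40000)]
    reply = Tuple5("tcp", "203.0.113.10", 80, WAN_IP, 40000)     # genuine server reply
    stray = Tuple5("tcp", "198.51.100.7", 40000, WAN_IP, 40000)  # other host, only dport matches
    return (verdict(stray, table, POSTED_RULES), verdict(reply, table, POSTED_RULES),
            verdict(reply, table, STATEFUL_RULES))
```

The middle result also shows a side effect of the posted rules: the genuine de-NATed reply is routed out eth0 and so hits the FORWARD -i eth1 -o eth0 DROP rule, because there is no ESTABLISHED,RELATED accept ahead of it; the assumed STATEFUL_RULES variant lets return traffic through while the stray packet is still dropped.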