Re: newbie: forward rule to itself

On 10/27/2010 04:00 PM, Jan Engelhardt wrote:

On Wednesday 2010-10-27 21:47, Mauricio Tavares wrote:

I have the following rules to forward port 6969 coming on eth0 on server1 to
port 6969 on server2's eth0:

iptables -A PREROUTING -t nat -p tcp --dport 6969 -j DNAT --to 192.168.1.server2:6969
iptables -A INPUT -d 192.168.4.server1 -p tcp -m tcp -m state --state NEW --dport 6969 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

That prerouting only applies to packets coming from devices connected to
the machine.

	How would the prerouting that applies to packets coming from the
machine itself look like?

Mean to say it without "that". The entire PREROUTING chain won't be considered
for nat.
Usually, you just directly connect to the proper address preferably
with a DNS name if available. Alternate and rather redundant
communication ways are rinetd.

I am rather confused. Do you mean the prerouting chain is not considered for nat at all or just not for this specific case I had in mind?

Incidentally, I am not in love with those rules I created at all. All I want to do is to have any traffic to 192.168.4.server1:6969 be sent to 192.168.1.server2:6969 no matter where it originated from (be it somewhere in 192.168.1.0, 192.168.4.0, or even from within server1). So far I cannot figure out a good way to accomplish that.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
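
The point made in the thread is that nat PREROUTING is not consulted for packets generated on the machine itself; such packets pass through the nat OUTPUT chain instead. The script below is an added example, not part of the thread: it prints one rule set covering both origins, validating its inputs first because the output is meant to be run as root. The addresses 192.168.4.10 and 192.168.1.20 are constructed stand-ins for the thread's server1/server2 placeholders, and reply traffic in FORWARD is assumed to be allowed by existing rules.

```shell
#!/bin/sh
# Added example: prints (does not apply) DNAT rules for both traffic origins.
# 192.168.4.10 / 192.168.1.20 are constructed stand-ins for the thread's
# 192.168.4.server1 / 192.168.1.server2 placeholders.

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Accept only a decimal port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: dnat_rules FRONT_IP BACKEND_IP PORT
dnat_rules() {
    valid_ip "$1" && valid_ip "$2" && valid_port "$3" || {
        echo "dnat_rules: bad address or port" >&2
        return 1
    }
    m="-d $1 -p tcp --dport $3"
    # Packets arriving from other hosts are rewritten in nat PREROUTING.
    echo "iptables -t nat -A PREROUTING $m -j DNAT --to-destination $2:$3"
    # Packets created on this host skip PREROUTING and use nat OUTPUT.
    echo "iptables -t nat -A OUTPUT $m -j DNAT --to-destination $2:$3"
    # Redirected packets from other hosts are forwarded, so they hit FORWARD.
    echo "iptables -A FORWARD -d $2 -p tcp --dport $3 -j ACCEPT"
    # Masquerade only DNATed connections so replies come back via this host.
    echo "iptables -t nat -A POSTROUTING -d $2 -p tcp --dport $3 -m conntrack --ctstate DNAT -j MASQUERADE"
}

dnat_rules 192.168.4.10 192.168.1.20 6969
```

Review the printed rules before piping them to `sh` as root; the `-d` match and the `--ctstate DNAT` match keep the redirect and the masquerade limited to this one service.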

