No worries, your comments got me thinking more about my problem, which is
always a good thing, thanks again.

/bill

On Wednesday 02 December 2015 06:12, Adel Belhouane wrote:
> On 19/11/2015 19:52, Bill wrote:
> > For reference here is my diagram again:
> >>>> local host       dns/nat gateway    remote host
> >>>> 192.168.20.171   192.168.20.170     192.168.30.172
> >>>>                  192.168.30.170
> >>>> inside ----->>> nat >>> ------ outside
> >
> > As you can see, DNAT would not do for my requirements since I'd have to
> > add/delete iptables rules, which I suppose I could do, but doesn't seem
> > the right approach.
> >
> > Now since my original posting I have been reading code and have managed to
> > create an 'expect' connection by upgrading to the latest 4.4 kernel. In
> > this version I find the sample test 'create-expect' works.
> >
> > After succeeding with this I realize I may need to build a kernel module
> > for the expectation and have started looking at the kernel code for this,
> > such as those for FTP etc.
>
> I didn't get before that the "ALG" part was essential. I read a summary
> here:
> https://www.juniper.net/documentation/en_US/junos12.1x47/topics/concept/security-alg-dns-overview.html
>
> So I still don't get exactly what you are looking for (sorry), but I
> realize it's related to DNS data content, not just connections. Sorry to
> have wasted your time with my replies and good luck with your project.
>
> > /bill
>
> regards,
> Adel BELHOUANE.