[ale] NAT And traffic redirection
Christopher Fowler
cfowler at outpostsentinel.com
Fri Dec 8 19:00:40 EST 2006
I'm trying to use SNAT in combination with DNAT, based on this document:
http://linux-ip.net/html/nat-dnat.html
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  anywhere             192.168.1.117       to:192.168.9.5

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere            to:192.168.9.254

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

My eth0 network is 192.168.1.0 and eth1 is 192.168.9.0. On my 192.168.1.0
subnet, should a ping to 192.168.1.117 not be forwarded to 192.168.9.5?
On the gateway (my desktop) eth0 is 192.168.1.115 and eth1 is
192.168.9.254. I want to ping 192.168.9.5 from the 192.168.1.0 subnet
without adding a host-based route of 192.168.9.5 -> 192.168.1.115 on my
firewall. As I read that document, I assume that my desktop
(192.168.1.115) will answer ARP requests on behalf of 192.168.1.117 and
forward packets via DNAT to 192.168.9.5. tcpdump shows me that no one
is answering ARP requests for 192.168.1.117.

On Thu, 2006-12-07 at 12:36 -0500, Christopher Fowler wrote:
> Another problem I have is that the Windows server is running https on 443
> as well as my Linux device. So I can't nat 443 to that server because
> then I can't get to the device. I also can't change the port to 444
> because this darn web interface on windows does redirects with an
> absolute URL thus removing :444 from what I typed in my browser and
> sending me back to my device.
>
> This is why this virtual address thing keeps coming back into my head.
>
> On Thu, 2006-12-07 at 12:21 -0500, Christopher Fowler wrote:
> > On Thu, 2006-12-07 at 11:57 -0500, Robert L. Harris wrote:
> > > $IPTABLES -A Allow -p tcp --source aaa.bbb.ccc.0/24 --dport 9000 -j ACCEPT
> > > $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 9000 -j DNAT --to 192.168.7.8:9000
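An added example, not part of the original post: a netfilter DNAT rule only rewrites packets that already reach the gateway, and the kernel answers ARP only for addresses configured on it, so this check lists DNAT match addresses that no interface owns. The sample rules and address list are constructed from the values in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the post's nat rules as `iptables -t nat -S` prints them.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -d 192.168.1.117/32 -j DNAT --to-destination 192.168.9.5
-A POSTROUTING -j SNAT --to-source 192.168.9.254'

# Constructed sample: IPv4 addresses configured on the gateway, one per line
# (what `ip -o -4 addr show` reduces to for the host in the post).
SAMPLE_ADDRS='127.0.0.1
192.168.1.115
192.168.9.254'

# unanswered_dnat RULES ADDRS
# Prints every DNAT match address (-d) that is not a local address.
# Nothing on the LAN will get an ARP reply for those, so the DNAT rule
# never sees a packet. Network matches (prefix other than /32) are skipped.
unanswered_dnat() {
    known=$(printf '%s\n' "$2" | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v known="$known" '
        BEGIN {
            n = split(known, a, " ")
            for (i = 1; i <= n; i++) own[a[i]] = 1
        }
        /-j DNAT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "-d" && $i != "--destination") continue
                ip = $(i + 1)
                sub(/\/32$/, "", ip)
                if (ip ~ /\//) continue
                if (!(ip in own)) print ip
            }
        }'
}

# suggest_fix IFACE  (addresses on stdin)
# Prints, without running it, the command that adds each address to IFACE
# so the gateway starts answering ARP for it.
suggest_fix() {
    while read -r ip; do
        if [ -n "$ip" ]; then echo "ip addr add $ip/32 dev $1"; fi
    done
}

# Stand-alone run on the constructed sample.
unanswered_dnat "$SAMPLE_RULES" "$SAMPLE_ADDRS" | suggest_fix eth0
```

On a live gateway the two inputs would come from `iptables -t nat -S` and `ip -o -4 addr show`, and forwarding between eth0 and eth1 also requires `net.ipv4.ip_forward=1`.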