From: "Dec0y" <anti_decoy@sina.com>
To: "Netfilter Development Mailinglist" <netfilter-devel@lists.netfilter.org>
Subject: Re: [netfilter-core] (no subject)
Date: Mon, 31 Mar 2003 09:34:10 +0800
Message-ID: <007001c2f725$a1dcd4d0$5b01aa0a@Dec0y>
In-Reply-To: 20030328115850.GU25471@sunbeam.de.gnumonks.org
[-- Attachment #1: Type: text/plain, Size: 2681 bytes --]
Can somebody help me?
I want to redirect all the packets passing through my Linux machine in the FORWARD chain of the filter table by writing a target, and I have realized it. But there is something a little wrong with it.
The packets that will be processed (SNAT) in POSTROUTING can be redirected correctly, but the packets that have been processed (DNAT) in PREROUTING can't be redirected correctly.
My network is as follows:
+------------+          192.168.0.1
|192.168.0.2 |---------------------|
+------------+            +--------+---------+192.168.2.1    +---------------+
                          |  Linux Machine   |---------------|  192.168.2.2  |
                          +--------+---------+               +---------------+
+------------+                     |192.168.1.1
|192.168.1.2 |---------------------+
+------------+
I have added the following rules:
iptables -t nat -A POSTROUTING -s 192.168.0.2 -d 0/0 -j SNAT --to 192.168.2.1
iptables -t nat -A PREROUTING -s 192.168.2.2 -d 192.168.2.1 -j DNAT --to 192.168.1.2
iptables -A FORWARD -s 192.168.0.2 -d 0/0 -j MY_TARGET
iptables -A FORWARD -s 192.168.2.2 -d 192.168.1.2 -j MY_TARGET
I want to redirect all the packets passing through my Linux machine in the FORWARD chain of the filter table by MY_TARGET.
The packets that will be processed (SNAT) in POSTROUTING can be redirected correctly, but the packets that have been processed (DNAT) in PREROUTING can't be redirected correctly.
                         +-----------------------------------+
      src=192.168.0.2    |                  REDIRECT         |
SNAT: ------------------>|PREROUTING------->FORWARD---->...--|------->........
      dst=0/0            |              dst=192.168.2.1      |
                         +-----------------------------------+
The dst only changes once, from dst to 192.168.2.1.
                         +--------------------------------------+
      src=192.168.2.2    |     dst=192.168.1.2  REDIRECT        |
DNAT: ------------------>|PREROUTING----------->FORWARD----->..-|------->........
      dst=192.168.2.1    |         dst=192.168.2.1|             |
                         +--------------------------------------+
The dst needs to change twice!
Can somebody help me?
__________________________________________________________
----- Original Message -----
From: Harald Welte
To: Dec0y
Cc: Netfilter Development Mailinglist
Sent: Friday, March 28, 2003 7:58 PM
Subject: Re: [netfilter-core] (no subject)
[-- Attachment #2: Type: text/html, Size: 9473 bytes --]
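Added example, not part of the message above and not code from its author: a small Python model of the standard hook order (nat PREROUTING, then filter FORWARD, then nat POSTROUTING) run over the four rules quoted in the message, showing which addresses a FORWARD rule is matched against for each flow and for its reply. Pkt, traverse and flow are hypothetical names; the conntrack table is simplified to addresses only (no ports), and MY_TARGET is modelled only as "a rule matched", since its behaviour is not shown in the message.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str

# Rules copied from the message; "0/0" is written out as 0.0.0.0/0.
DNAT = [("192.168.2.2", "192.168.2.1", "192.168.1.2")]   # nat PREROUTING
SNAT = [("192.168.0.2", "0.0.0.0/0", "192.168.2.1")]     # nat POSTROUTING
FORWARD = [("192.168.0.2", "0.0.0.0/0"),                 # filter FORWARD,
           ("192.168.2.2", "192.168.1.2")]               # both -j MY_TARGET

def match(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule[0])
            and ip_address(pkt.dst) in ip_network(rule[1]))

def nat_to(rules, pkt):
    """Return the --to address of the first matching NAT rule, else None."""
    return next((r[2] for r in rules if match(r, pkt)), None)

def traverse(pkt, ct):
    """Return (packet as FORWARD sees it, MY_TARGET rule matched?, packet sent).
    ct: simplified conntrack, expected reply (src, dst) -> original packet."""
    orig = ct.get((pkt.src, pkt.dst))
    if orig:   # reply: PREROUTING restores the pre-SNAT destination
        fwd = replace(pkt, dst=orig.src)
    else:      # new flow: PREROUTING applies DNAT before FORWARD
        fwd = replace(pkt, dst=nat_to(DNAT, pkt) or pkt.dst)
    hit = any(match(r, fwd) for r in FORWARD)
    if orig:   # reply: POSTROUTING restores the pre-DNAT source
        out = replace(fwd, src=orig.dst)
    else:      # new flow: POSTROUTING applies SNAT after FORWARD
        out = replace(fwd, src=nat_to(SNAT, fwd) or fwd.src)
        ct[(out.dst, out.src)] = pkt
    return fwd, hit, out

def flow(first, reply):
    """Trace the first packet of a flow and its reply with a fresh table."""
    ct = {}
    return traverse(first, ct), traverse(reply, ct)

if __name__ == "__main__":
    flows = [flow(Pkt("192.168.0.2", "192.168.2.2"), Pkt("192.168.2.2", "192.168.2.1")),
             flow(Pkt("192.168.2.2", "192.168.2.1"), Pkt("192.168.1.2", "192.168.2.2"))]
    for fwd, hit, out in (step for f in flows for step in f):
        print(f"FORWARD sees {fwd}  MY_TARGET={hit}  leaves as {out}")
```

In this model the FORWARD rules see the DNAT flow with its destination already rewritten to 192.168.1.2 and the SNAT flow with its source still 192.168.0.2, and the reply packets of both flows match neither MY_TARGET rule.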