I want to redirect all the packets passing through my Linux
machine in the FORWARD chain of the filter table by writing a target, and I have realized it. But there is something a little wrong with it.
The packets that will be processed (SNAT) in
POSTROUTING can be redirected correctly, but the packets that have been
processed (DNAT) in PREROUTING can't be redirected correctly.
My network is as follows:
+-------------+
| 192.168.0.2 |-------------+
+-------------+             | 192.168.0.1
                   +--------+--------+ 192.168.2.1   +-------------+
                   |  Linux Machine  |---------------| 192.168.2.2 |
                   +--------+--------+               +-------------+
+-------------+             | 192.168.1.1
| 192.168.1.2 |-------------+
+-------------+
I have added the following rules:
iptables -t nat -A POSTROUTING -s 192.168.0.2 -d 0/0 -j SNAT --to 192.168.2.1
iptables -t nat -A PREROUTING -s 192.168.2.2 -d 192.168.2.1 -j DNAT --to 192.168.1.2
iptables -A FORWARD -s 192.168.0.2 -d 0/0 -j MY_TARGET
iptables -A FORWARD -s 192.168.2.2 -d 192.168.1.2 -j MY_TARGET
I want to redirect all the packets passing through my Linux
machine in the FORWARD chain of the filter table with MY_TARGET.
The packets that will be processed (SNAT) in
POSTROUTING can be redirected correctly, but the packets that have been
processed (DNAT) in PREROUTING can't be redirected correctly.
SNAT:
                    +-----------------------------------+
 src=192.168.0.2    |              REDIRECT             |
------------------->| PREROUTING -----> FORWARD --> ... |-------> ........
 dst=0/0            |          dst=192.168.2.1          |
                    +-----------------------------------+
 the dst only changes once, from dst to 192.168.2.1

DNAT:
                    +----------------------------------------+
 src=192.168.2.2    | dst=192.168.1.2      REDIRECT          |
------------------->| PREROUTING --------> FORWARD ----> ... |-------> ........
 dst=192.168.2.1    |                      dst=192.168.2.1   |
                    +----------------------------------------+
 the dst needs to change twice!
Can somebody help me?
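Added example, not part of the original post: a small Python model of the hook order the post describes (nat PREROUTING, then filter FORWARD, then nat POSTROUTING), run over the post's own rules to show which addresses a FORWARD rule sees for each flow. The function names and the flow from 192.168.0.2 to 192.168.2.2 are assumptions made for illustration; what MY_TARGET does to the packet is not modelled, because the post does not show its code.

```python
import ipaddress

# The post's rules as data. "0/0" is written out as 0.0.0.0/0.
DNAT = [("192.168.2.2", "192.168.2.1", "192.168.1.2")]   # src, dst, --to (new dst)
SNAT = [("192.168.0.2", "0.0.0.0/0", "192.168.2.1")]     # src, dst, --to (new src)
FORWARD = [("192.168.0.2", "0.0.0.0/0"),                 # src, dst -> MY_TARGET
           ("192.168.2.2", "192.168.1.2")]


def matches(addr, spec):
    """True if addr falls inside spec (a single host or a CIDR network)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def first_nat(rules, src, dst):
    """Return the --to address of the first NAT rule matching src/dst, else None."""
    for rule_src, rule_dst, to in rules:
        if matches(src, rule_src) and matches(dst, rule_dst):
            return to
    return None


def traverse(src, dst):
    """Trace a forwarded packet; return {hook: (src, dst, action)}."""
    trace = {}
    to = first_nat(DNAT, src, dst)          # nat PREROUTING runs first
    if to:
        dst = to
    trace["PREROUTING"] = (src, dst, "DNAT" if to else None)
    # The filter FORWARD chain sees the post-DNAT dst and the pre-SNAT src.
    hit = any(matches(src, s) and matches(dst, d) for s, d in FORWARD)
    trace["FORWARD"] = (src, dst, "MY_TARGET" if hit else None)
    to = first_nat(SNAT, src, dst)          # nat POSTROUTING runs last
    if to:
        src = to
    trace["POSTROUTING"] = (src, dst, "SNAT" if to else None)
    return trace


if __name__ == "__main__":
    # Constructed sample flows using addresses from the post's network diagram.
    for flow in [("192.168.0.2", "192.168.2.2"), ("192.168.2.2", "192.168.2.1")]:
        print("packet src=%s dst=%s" % flow)
        for hook, state in traverse(*flow).items():
            print("  %-11s src=%s dst=%s action=%s" % ((hook,) + state))
```

In the second flow the destination has already been rewritten by DNAT before the FORWARD rule matches, which is the case the post's second diagram marks as needing two destination changes.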
__________________________________________________________
----- Original Message -----
Sent: Friday, March 28, 2003 7:58 PM
Subject: Re: [netfilter-core] (no subject)