* Re: [netfilter-core] (no subject)
From: Harald Welte @ 2003-03-28 11:58 UTC (permalink / raw)
To: Dec0y; +Cc: Netfilter Development Mailinglist
On Fri, Mar 28, 2003 at 04:18:02PM +0800, Dec0y wrote:
> Hi!
>
> Can REDIRECT be realized in FORWARD?!
Please read http://www.netfilter.org/contact.html
You seem to be misunderstanding about everything in netfilter
architecture.
FORWARD is a chain of the 'filter' table.
REDIRECT is a target in the 'nat' table.
So the answer is: no way.
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
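
The table/chain/target relationship stated in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the netfilter project: a small lint that parses iptables command lines and flags built-in NAT targets placed outside the nat table or in the wrong nat chain. The allowed-chain map is simplified to built-in chains, and the REDIRECT rule in the sample is constructed for illustration.

```python
import shlex

# Built-in NAT targets and the nat-table chains where iptables accepts them
# (simplified: user-defined chains called from these chains are not modelled).
NAT_TARGETS = {
    "REDIRECT":   {"PREROUTING", "OUTPUT"},
    "DNAT":       {"PREROUTING", "OUTPUT"},
    "SNAT":       {"POSTROUTING"},
    "MASQUERADE": {"POSTROUTING"},
}

def parse_rule(line):
    """Extract (table, chain, target) from one 'iptables ...' command line."""
    args = shlex.split(line)
    table, chain, target = "filter", None, None   # -t defaults to filter
    for i, arg in enumerate(args[:-1]):
        if arg in ("-t", "--table"):
            table = args[i + 1]
        elif arg in ("-A", "--append", "-I", "--insert"):
            chain = args[i + 1]
        elif arg in ("-j", "--jump"):
            target = args[i + 1]
    return table, chain, target

def check_rule(line):
    """Return None if the target placement is acceptable, else a reason."""
    table, chain, target = parse_rule(line)
    if chain is None or target is None:
        return "no -A/-I chain or -j target found"
    allowed = NAT_TARGETS.get(target)
    if allowed is None:
        return None  # custom or non-NAT target: outside this check
    if table != "nat":
        return f"{target} is a nat-table target, rule is in table '{table}'"
    if chain not in allowed:
        return f"{target} is not valid in nat/{chain}; use {sorted(allowed)}"
    return None

# Constructed sample: rules quoted in the thread plus a REDIRECT in FORWARD.
SAMPLE = [
    "iptables -t nat -A POSTROUTING -s 192.168.0.2 -d 0/0 -j SNAT --to 192.168.2.1",
    "iptables -t nat -A PREROUTING -s 192.168.2.2 -d 192.168.2.1 -j DNAT --to 192.168.1.2",
    "iptables -A FORWARD -s 192.168.0.2 -d 0/0 -j MY_TARGET",
    "iptables -A FORWARD -p tcp --dport 80 -j REDIRECT --to-ports 8080",
]

if __name__ == "__main__":
    for rule in SAMPLE:
        print(check_rule(rule) or "ok", "|", rule)
```

A custom target such as MY_TARGET passes this lint because the check covers only the built-in NAT targets; it says nothing about whether a target that rewrites addresses in FORWARD will interact correctly with connection tracking.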
* Re: [netfilter-core] (no subject)
From: Dec0y @ 2003-03-31 1:34 UTC (permalink / raw)
To: Netfilter Development Mailinglist
Can somebody help me?
I want to redirect all the packets through my Linux machine in FORWARD of the filter table by writing a target, and I have realized it. But there is something a little wrong with it.
The packets that will be processed (SNAT) in POSTROUTING can be redirected correctly, but the packets that have been processed (DNAT) in PREROUTING can't be redirected correctly.
My network is as follows:
+------------+                192.168.0.1
|192.168.0.2 |---------------------|
+------------+            +--------+---------+192.168.2.1    +---------------+
                          |  Linux Machine   |---------------|  192.168.2.2  |
                          +--------+---------+               +---------------+
+------------+                     |192.168.1.1
|192.168.1.2 |---------------------+
+------------+
I have added the following rules:
iptables -t nat -A POSTROUTING -s 192.168.0.2 -d 0/0 -j SNAT --to 192.168.2.1
iptables -t nat -A PREROUTING -s 192.168.2.2 -d 192.168.2.1 -j DNAT --to 192.168.1.2
iptables -A FORWARD -s 192.168.0.2 -d 0/0 -j MY_TARGET
iptables -A FORWARD -s 192.168.2.2 -d 192.168.1.2 -j MY_TARGET
I want to redirect all the packets through my Linux machine in FORWARD of the filter table by MY_TARGET.
The packets that will be processed (SNAT) in POSTROUTING can be redirected correctly, but the packets that have been processed (DNAT) in PREROUTING can't be redirected correctly.
                         +-----------------------------------+
       src=192.168.0.2   |                  REDIRECT         |
SNAT: ------------------>|PREROUTING------->FORWARD---->...--|------->........
       dst=0/0           |              dst=192.168.2.1      |
                         +-----------------------------------+
The dst only changes once, from dst to 192.168.2.1.
                         +--------------------------------------+
       src=192.168.2.2   |    dst=192.168.1.2   REDIRECT        |
DNAT: ------------------>|PREROUTING----------->FORWARD----->..-|------->........
       dst=192.168.2.1   |          dst=192.168.2.1|            |
                         +--------------------------------------+
The dst needs to change twice!
Can somebody help me?
* Re: [netfilter-core] (no subject)
From: Patrick Schaaf @ 2003-03-31 5:37 UTC (permalink / raw)
To: Dec0y; +Cc: Netfilter Development Mailinglist
> Can somebody help me?
>
> I want to redirect all the packets through my Linux machine in FORWARD of the filter table by writing a target, and I have realized it. But there is something a little wrong with it.
Of course you can fit a second gear box in the middle of your car.
Just don't ask the car manufacturer whether they could add it as
an option, and how they would best integrate it. They'll answer that
there's already a fully operational gear box in the place where it
should be, and you are on your own fitting the second one.
I doubt that you will get more useful replies than the
replies you got from Harald Welte, and now from me.
If you do, unlikely as that is, please don't feel
encouraged in any way.
best regards
Patrick