From: Jan Humme <jan.humme@xs4all.nl>
To: Antony Stone <Antony@Soft-Solutions.co.uk>, netfilter@lists.samba.org
Subject: Re: Re: unexpected problem with DNAT
Date: Wed, 10 Jul 2002 20:15:26 +0200
Message-ID: <0207102015260C.04513@Lms>
In-Reply-To: <20020710174859.LNZJ23840.mta03-svc.ntlworld.com@there>

On Wednesday 10 July 2002 19:42, Antony Stone wrote:
> On Wednesday 10 July 2002 5:53 pm, Jan Humme wrote:
> > On Wednesday 10 July 2002 17:55, Antony Stone wrote:
> > > If the original poster doesn't know what addresses s/he wishes to
> > > block, then I can't think of a netfilter rule which will help :-)
> >
> > Harty-har-har.........!
> >
> > But I still don't understand the reason why you would mark (or even DROP)
> > packages at the mangle stage, if the same source IP is still available at
> > the filter stage?
>
> Simple - I got confused by the Subject of the mail thread, and I thought
> the problem was with DNAT, not SNAT.
>
> Of course you are correct that SNAT is done at the *end* of all the
> filtering, therefore any blocking can be done at the FORWARDing stage.
>
> I thought the problem was to block a connection based on its original
> destination address, which had been lost by being DNATted in the PREROUTING
> chain, and therefore it was no longer possible to filter on destination
> address in the FORWARDing chain.
>
> Hope this explains at least part of my confusion, and therefore some of
> yours about my postings ?

It certainly does. Just thought that perhaps there was some clever trick that 
I missed, as I am only starting to get the hang of things.

In any case, we still don't know what the original poster is trying to 
achieve...!

Jan Humme.

