From: Joel Newkirk <netfilter@newkirk.us>
To: sm@rhythm.cx, netfilter@lists.netfilter.org
Subject: Re: port redirection *without* nat
Date: Mon, 6 Jan 2003 19:35:13 -0500
Message-ID: <200301061935.13614.netfilter@newkirk.us>
In-Reply-To: <20030106141753.A12922@infinity.rhythm.cx>

On Monday 06 January 2003 02:17 pm, sm@rhythm.cx wrote:
> I'm trying to figure out how (if possible) to do port redirection with
> iptables on my linux router. This router is not doing NAT, all
> connected networks have real, public IP addresses. There is tons of
> information out there about doing port redirection with NAT, but I
> can't find anything for without NAT. I just want to make the router
> take traffic destined for address A port x and change the destination
> address to send it off to address B port x instead. A and B are on the
> same (directly attached ethernet) network. I looked into the DNAT and
> REDIRECT targets, but those only seem to work in the nat table.

What you say you are trying to do IS DNAT.  A packet reaches the machine 
addressed to one destination, but you want to send it to another address 
instead, changing the Destination IP.  Destination NAT.  And yes, such 
targets only work in the nat table's chains, and for DNAT you want to 
use the PREROUTING chain.  The REDIRECT target is for picking traffic 
out of the stream that would normally be forwarded and DNATting it to 
readdress it to the local box as INPUT instead.  

The most frequently mentioned use of DNAT is for packets addressed to an 
IP of the box itself, but this isn't necessary.  DNAT is simply changing 
the destination IP, regardless of what it originally was. 

j
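
Added example, not part of Joel Newkirk's message: the DNAT-in-PREROUTING setup described above, written out for a router that forwards the traffic rather than terminating it. The addresses 192.0.2.10 (A) and 192.0.2.20 (B), port 80 and the helper names are assumptions; the function only prints the commands.

```shell
#!/bin/sh
# Added example: emit the iptables commands for a DNAT port redirection on a
# forwarding router. Addresses and port in the sample call are constructed
# (RFC 5737 documentation range); helper names are hypothetical.

# is_ipv4 ADDR -> exit status 0 if ADDR is a dotted-quad IPv4 address
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rules ORIG_IP NEW_IP PORT [PROTO]
# Prints the rules; pipe the output to "sh" as root to apply them.
dnat_rules() {
    orig=$1 new=$2 port=$3 proto=${4:-tcp}
    is_ipv4 "$orig" && is_ipv4 "$new" || { echo "bad address" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    case $proto in tcp|udp) ;; *) echo "bad proto" >&2; return 1 ;; esac

    # Rewrite the destination before the routing decision (nat/PREROUTING).
    echo "iptables -t nat -A PREROUTING -d $orig -p $proto --dport $port -j DNAT --to-destination $new:$port"
    # filter/FORWARD sees the packet after DNAT, so match the new address.
    echo "iptables -A FORWARD -d $new -p $proto --dport $port -j ACCEPT"
    # Replies are matched by connection tracking, which also undoes the rewrite.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: send traffic for 192.0.2.10:80 to 192.0.2.20:80.
dnat_rules 192.0.2.10 192.0.2.20 80
```

A client on the same Ethernet segment as B would receive B's reply directly rather than through the router, so the reverse translation never happens; that case also needs a source NAT rule on the router.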


