From: Athan <netfilter@miggy.org>
To: netfilter@lists.netfilter.org
Subject: Re: port redirection *without* nat
Date: Mon, 6 Jan 2003 23:25:54 +0000
Message-ID: <20030106232554.GL16581@miggy.org>
In-Reply-To: <20030106141753.A12922@infinity.rhythm.cx>


On Mon, Jan 06, 2003 at 02:17:53PM -0500, sm@rhythm.cx wrote:
> I'm trying to figure out how (if possible) to do port redirection with
> iptables on my linux router. This router is not doing NAT, all connected
> networks have real, public IP addresses. There is tons of information out
> there about doing port redirection with NAT, but I can't find anything for
> without NAT. I just want to make the router take traffic destined for
> address A port x and change the destination address to send it off to
> address B port x instead. A and B are on the same (directly attached
> ethernet) network. I looked into the DNAT and REDIRECT targets, but those
> only seem to work in the nat table.

   Um, think about it.   You DO want 'NAT' of some sort for this.

Connection comes in from 1.2.3.4:1234 destined to A:x.  You want this to
be handled by B:x.  So you use a DNAT or REDIRECT to re-write the
destination, good, now you have the connection ultimately ending up at B:x.
But as far as 1.2.3.4:1234 is concerned it IS talking to A:x, so the
return packets MUST be rewritten to come back from A:x, which is what
DNAT will do.
  If you want B:x to completely handle the connection then you need the
clients to be just connecting to it directly in the first place, with
requisite INPUT/FORWARD rules set up to allow this.

-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
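
The address rewriting described in the message above, as an added example that is not part of the original post: a toy Python model of DNAT with connection tracking (not netfilter's code) showing why the reply from B:x has to be rewritten to come from A:x. The addresses for A and B and the port x = 80 are constructed sample values; 1.2.3.4:1234 is the client from the message.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class DnatRouter:
    """Toy model of DNAT plus connection tracking (not netfilter's code)."""

    def __init__(self, rules):
        # rules: {(orig_dst, dport): new_dst}, i.e. "A:x -> B:x"
        self.rules = dict(rules)
        # conntrack: expected reply tuple -> address the client dialled
        self.conntrack = {}

    def forward(self, pkt):
        """Handle one packet crossing the router; return what is sent on."""
        # Reply direction: does it match a tracked connection?
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            # Rewrite the source back to A so the client recognises it.
            return pkt._replace(src=self.conntrack[key])
        # Original direction: apply a DNAT rule if one matches.
        new_dst = self.rules.get((pkt.dst, pkt.dport))
        if new_dst is None:
            return pkt  # plain routing, untouched
        # Remember what the reply from B will look like.
        self.conntrack[(new_dst, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
        return pkt._replace(dst=new_dst)

def client_accepts(sent, reply):
    """A TCP client only accepts replies from the endpoint it addressed."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

# Constructed sample addresses: A and B stand in for the thread's hosts, x = 80.
A, B, X = "192.0.2.10", "192.0.2.20", 80
CLIENT = Packet("1.2.3.4", 1234, A, X)

def demo():
    router = DnatRouter({(A, X): B})
    to_b = router.forward(CLIENT)              # 1.2.3.4:1234 -> B:x
    raw_reply = Packet(B, X, "1.2.3.4", 1234)  # what B actually sends
    fixed_reply = router.forward(raw_reply)    # source rewritten to A:x
    return to_b, raw_reply, fixed_reply
```
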
