From: Athan <netfilter@miggy.org>
To: Steve Benson <steve@infinity.rhythm.cx>
Cc: netfilter@lists.netfilter.org
Subject: Re: port redirection *without* NAT
Date: Tue, 7 Jan 2003 22:08:00 +0000
Message-ID: <20030107220800.GP16581@miggy.org>
In-Reply-To: <20030106141242.C12830@infinity.rhythm.cx>
On Mon, Jan 06, 2003 at 02:12:42PM -0500, Steve Benson wrote:
> I'm trying to figure out how (if possible) to do port redirection with
> iptables on my linux router. This router is not doing NAT, all connected
> networks have real, public IP addresses. There is tons of information out
> there about doing port redirection with NAT, but I can't find anything for
> without NAT. I just want to make the router take traffic destined for
> address A port x and change the destination address to send it off to
> address B port x instead. A and B are on the same (directly attached
> ethernet) network. I looked into the DNAT and REDIRECT targets, but those
> only seem to work in the nat table.

Didn't you already ask this, and myself and someone else replied with
"yes you want DNAT"?

Client C, router A, server B.

  C:x -> A:y
  DNAT port y -> B:z
  A passes through C:x -> B:z, and remembers this
  B replies from port z to C:x
  A sees this, remembers and changes it back to A:y -> C:x

voila, working two way TCP connection.

The other way, given you have all public IPs, is to forget rewriting,
if you want the packets to be served by B:z then just damned well tell
clients to connect there in the first place, then A just forwards
packets backwards and forwards without changing anything.

  C <---> Internet <---> eth0 A eth1 <----> B

On A:

  iptables -A FORWARD -i eth0 -d B -j ACCEPT
  iptables -A FORWARD -i eth1 -s B -j ACCEPT

-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
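
Added example, not part of the message above and not netfilter code: a toy Python model of the DNAT flow the reply walks through, showing how the tracked mapping lets router A rewrite the request to B:z and restore A:y on the reply. The class and function names, addresses and ports are constructed for illustration.

```python
# Added illustration: a toy model of DNAT plus connection tracking.
# This is not how the kernel implements it; it only mirrors the steps in the message.
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class DnatRouter:
    """Router A: rewrites the destination of new flows and undoes it on replies."""

    def __init__(self):
        self.rules = {}      # (orig_dst, orig_dport) -> (new_dst, new_dport)
        self.conntrack = {}  # reply tuple as seen by A -> original (dst, dport)

    def add_dnat(self, dst, dport, to_dst, to_dport):
        self.rules[(dst, dport)] = (to_dst, to_dport)

    def forward(self, pkt):
        # Reply direction: the packet matches a remembered flow, so put back
        # the address the client originally connected to (B:z -> A:y).
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            orig_dst, orig_dport = self.conntrack[key]
            return pkt._replace(src=orig_dst, sport=orig_dport)
        # Original direction: apply the DNAT rule and remember the mapping.
        target = self.rules.get((pkt.dst, pkt.dport))
        if target is None:
            return pkt  # no rule: plain forwarding, nothing rewritten
        new_dst, new_dport = target
        self.conntrack[(new_dst, new_dport, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return pkt._replace(dst=new_dst, dport=new_dport)


C, A, B = "198.51.100.7", "203.0.113.1", "203.0.113.20"  # constructed addresses
X, Y, Z = 40000, 8080, 80                                 # constructed ports


def demo():
    router = DnatRouter()
    router.add_dnat(A, Y, B, Z)
    request = router.forward(Packet(C, X, A, Y))     # C:x -> A:y leaves as C:x -> B:z
    reply = router.forward(Packet(B, Z, C, X))       # B:z -> C:x leaves as A:y -> C:x
    untouched = router.forward(Packet(C, X, B, 22))  # no rule: forwarded unchanged
    return request, reply, untouched


if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

The third packet corresponds to the "other way" in the message: with no rewrite rule, A forwards it as-is and only the FORWARD accept rules matter.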