* prerouting and route
@ 2007-09-29 20:23 Oğuz Yarımtepe
From: Oğuz Yarımtepe @ 2007-09-29 20:23 UTC (permalink / raw)
To: netfilter
Hi,

I have some points that I couldn't visualize.

First question is related to the route command. Let's say I defined a local
route as,

route add 10.2.0.0 netmask 255.255.255.0 gw 10.2.0.1 dev eth1

and while I am configuring iptables I wrote some rules:

# delete all existing rules
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i eth0 -p ALL -d 10.2.0.0/24 -j DNAT --to 10.2.0.1

At this point I ask myself whether I need this rule, because I had already
defined a route while configuring interfaces. So is there a relation between
route definitions and prerouting, is it unnecessary to define a local route
and try to do the same thing with iptables?

Second, I have a rule as,

iptables -t nat -A PREROUTING -i eth1 -p ALL -j DNAT --to 192.168.1.4

192.168.1.4 is the IP of eth0, which is plugged into a gateway with the IP
192.168.1.3. If I send a package from eth1 to, let's say, 192.168.1.10, its
destination address is replaced with 192.168.1.4. After this point, will it
continue to 192.168.1.3? If yes, how?

Thanks.

--
Oğuz Yarımtepe
http://www.yarimtepe.com/en
* Re: prerouting and route
From: Pascal Hambourg @ 2007-10-02 11:29 UTC (permalink / raw)
To: netfilter
Hello,

Oguz Yarimtepe wrote:
>
> I have some points that I couldn't visualize.
> First question is related to the route command. Let's say I defined a local
> route as,
>
> route add 10.2.0.0 netmask 255.255.255.0 gw 10.2.0.1 dev eth1

Weird route. It looks like the gateway address belongs to the
destination range. If so, how do you reach the gateway?

> and while I am configuring iptables I wrote some rules:
[...]
> iptables -t nat -A PREROUTING -i eth0 -p ALL -d 10.2.0.0/24 -j DNAT --to 10.2.0.1
>
> At this point I ask myself whether I need this rule,

The question is: what do you expect from this rule?

> because I had already
> defined a route while configuring interfaces. So is there a relation between
> route definitions and prerouting,

Not directly. Routes tell how to route a packet, i.e. how it must be
sent out, mostly depending on its destination address, without altering
the destination address. DNAT rules say how to alter the destination
address, not how to route that destination.

In both cases here the packets will be sent to the gateway with address
10.2.0.1. But the difference is that routing does not change the
original destination address, and the gateway will forward the packets
to their final destination. With DNAT, the gateway becomes the final
destination.

> is it unnecessary to define a local route
> and try to do the same thing with iptables?

I do not see what you mean.

> Second, I have a rule as,
>
> iptables -t nat -A PREROUTING -i eth1 -p ALL -j DNAT --to 192.168.1.4
>
> 192.168.1.4 is the IP of eth0, which is plugged into a gateway with the IP
> 192.168.1.3. If I send a package from eth1 to, let's say, 192.168.1.10, its
> destination address is replaced with 192.168.1.4. After this point, will it
> continue to 192.168.1.3? If yes, how?

No. The new destination address belongs to the host which becomes the
final destination, so the packet will be received locally instead of
being forwarded.
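
The difference between routing and DNAT discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of nat/PREROUTING followed by the routing decision, using the thread's addresses. The on-link /24 route for eth0 and the sample destination 10.2.0.7 are assumptions; connection tracking and the filter rules themselves are not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Hop(NamedTuple):
    dst: str                  # destination address after nat/PREROUTING
    chain: str                # filter chain the packet traverses next
    dev: Optional[str]        # outgoing interface (None if delivered locally)
    via: Optional[str]        # next-hop address (None if delivered locally)

# Constructed model of the box in the thread; eth0's /24 prefix is an assumption.
LOCAL_ADDRS = {"192.168.1.4"}                  # address of eth0, per the thread
ROUTES = [                                     # (network, gateway, dev)
    ("10.2.0.0/24", "10.2.0.1", "eth1"),       # the route from the thread
    ("192.168.1.0/24", None, "eth0"),          # directly connected (assumed)
]
DNAT_RULES = [                                 # (in-interface, -d match, --to)
    ("eth0", "10.2.0.0/24", "10.2.0.1"),
    ("eth1", "0.0.0.0/0", "192.168.1.4"),
]

def prerouting(in_iface, dst, rules):
    """First matching DNAT rule rewrites dst; the routing table is not consulted."""
    addr = ipaddress.ip_address(dst)
    for iface, match, to in rules:
        if iface == in_iface and addr in ipaddress.ip_network(match):
            return to
    return dst

def route(dst, routes):
    """Longest-prefix match; returns (dev, next hop) and never alters dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in routes
            if addr in ipaddress.ip_network(n)]
    if not hits:
        return None, None
    net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return dev, gw or dst                      # no gateway: next hop is dst itself

def traverse(in_iface, dst, rules=DNAT_RULES):
    dst = prerouting(in_iface, dst, rules)     # 1. nat/PREROUTING
    if dst in LOCAL_ADDRS:                     # 2. routing decision: local delivery
        return Hop(dst, "INPUT", None, None)
    dev, via = route(dst, ROUTES)              #    otherwise look up a route
    return Hop(dst, "FORWARD" if dev else "NO ROUTE", dev, via)

if __name__ == "__main__":
    print(traverse("eth0", "10.2.0.7", rules=[]))  # route only: dst kept
    print(traverse("eth0", "10.2.0.7"))            # DNAT: gateway becomes the dst
    print(traverse("eth1", "192.168.1.10"))        # DNAT to own address: INPUT
```

In the third case the packet lands in the INPUT chain, so with the posted `iptables -P INPUT DROP` policy it is judged there and never goes on to 192.168.1.3.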