Re: De-SNAT-ing and DNAT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Willi Mann <newsletters@wm1.at>
To: netfilter@lists.netfilter.org, jal@mcs.le.ac.uk
Subject: Re: De-SNAT-ing and DNAT
Date: Tue, 25 Feb 2003 20:23:14 +0100	[thread overview]
Message-ID: <3E5BC2A2.50903@wm1.at> (raw)
In-Reply-To: <20030225180802.26030.80793.Mailman@kashyyyk>

I'm sure, but I would say based on my experience, that you will not see 
the packets that go into the other direction.
I haven't tried but maybe you can use the LOG-target in PRE/POSTROUTING. 
You will see which source and destination the packets have.


Willi

>--__--__--
>
>Message: 5
>Date: Tue, 25 Feb 2003 16:59:57 +0000 (GMT)
>From: "J. A. Landamore" <jal@mcs.le.ac.uk>
>Reply-To: "J. A. Landamore" <jal@mcs.le.ac.uk>
>Subject: De-SNAT-ing and DNAT
>To: netfilter@lists.netfilter.org
>
>Please excuse my ignorance with this, but I'm trying to pick the bones out of an 
>iptables configuration that has been dropped in my lap.
>
>I have a lan of machines on a 192.168. network with an iptables box to the real 
>world.  If I apply SNAT I can map all the internal addresses to the one real 
>world facing assigned address.  I assume that when packets come back they are 
>"de-SNAT"ed before passing back onto the private lan, and that this happens in 
>the "PREROUTING" path.  My question is, does the "de-SNAT" happen before or 
>after the "PREROUTING" DNAT?
>
>Why, because I need to make a DNAT decision based on the original _source_ 
>address, i.e. which machine originally sourced the packet.
>
>Thanks for your help
>
>John Landamore
>
>
>  
>

next      parent reply	other threads:[~2003-02-25 19:23 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20030225180802.26030.80793.Mailman@kashyyyk>
2003-02-25 19:23 ` Willi Mann [this message]
2003-02-25 16:59 De-SNAT-ing and DNAT J. A. Landamore
2003-02-25 19:03 ` Cedric Blancher

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3E5BC2A2.50903@wm1.at \
    --to=newsletters@wm1.at \
    --cc=jal@mcs.le.ac.uk \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.