* I'm sure you can solve this
@ 2004-04-01 6:47 decompose
From: decompose @ 2004-04-01 6:47 UTC (permalink / raw)
To: netfilter
Hi, I've read the docs and still can't work it out (Yes I'm stupid)
Background: I want to forward traffic from hosts on the switch
through router A to router B. (and later from router B to a host on the
switch, but I guess I could just invert the first problem).
I think one of the reasons I'm having trouble with this is because all
hosts are on the same subnet (here is the setup)
[switch]-->[router A]-->[router B]-->(Inet)
192.168.0/24
I've tried various things, this being one of them (where x is a host on
the switch)
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.x -d 192.168.0.223 --destination-port 80
I hope my question is clear enough. Thanks in advance
* RE: I'm sure you can solve this
@ 2004-04-01 17:36 Daniel Chemko
From: Daniel Chemko @ 2004-04-01 17:36 UTC (permalink / raw)
To: decompose, netfilter
Firstly, what benefit are you trying to get from having multiple jumps
on the same subnet? It seems needlessly complicated.
You can 'bounce' off an interface with some dirty work. Example:
# Redirect all traffic coming from 192.168.1.* to 192.168.1.222,
# assuming that 192.168.1.222 is the default gateway for this gateway. I
# am assuming the internal IP address of this computer is 192.168.1.200
# You don't need the mark, but what the hell, it's there if you like it :-)
iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -j MARK --set-mark 222
iptables -t nat -A POSTROUTING -d 192.168.1.222 -m mark --mark 222 -j SNAT --to 192.168.1.200
# Allow in-out forwarding if using locked down FORWARD chain
iptables -t filter -A FORWARD -i eth1 -o eth1 -j ACCEPT
Mind you, because of the SNAT, you have to drop the benefit of knowing
the source address at the second gateway.
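Added example, not part of either message in the thread: a small Python model of the 'bounce' rules from the reply, showing which source address the second gateway sees and which path its answer takes with and without the SNAT rule. It is written as a model rather than as iptables commands so it runs without root or a live network. Assumptions: the sample host 192.168.1.50 is constructed, the subnet is the 192.168.1.* (/24) the reply's comment describes, and the host's packet reaches router A (192.168.1.200) first.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.1.0/24")      # 192.168.1.* from the reply
ROUTER_A = ipaddress.ip_address("192.168.1.200")  # the box running the rules
ROUTER_B = ipaddress.ip_address("192.168.1.222")  # its default gateway
HOST = ipaddress.ip_address("192.168.1.50")       # constructed sample host

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    mark: int = 0

def router_a_forward(pkt, snat=True):
    """Apply the reply's rules on router A in netfilter hook order."""
    conntrack = {}
    # mangle PREROUTING: -s 192.168.1.0/24 -j MARK --set-mark 222
    if pkt.src in LAN:
        pkt = replace(pkt, mark=222)
    # nat POSTROUTING: -d 192.168.1.222 -m mark --mark 222 -j SNAT --to 192.168.1.200
    if snat and pkt.dst == ROUTER_B and pkt.mark == 222:
        conntrack[(pkt.dst, ROUTER_A)] = pkt.src  # remember the original source
        pkt = replace(pkt, src=ROUTER_A)
    return pkt, conntrack

def reply_path(request, conntrack):
    """Router B answers request.src; on a shared subnet that address is
    on-link, so B delivers straight to it without any routing decision."""
    reply = Packet(src=request.dst, dst=request.src)
    path = [str(ROUTER_B), str(reply.dst)]
    if reply.dst == ROUTER_A:
        # Router A reverses the SNAT from its connection-tracking entry.
        original = conntrack.get((reply.src, reply.dst))
        if original is not None:
            path.append(str(original))
    return path

def trace(snat):
    seen, conntrack = router_a_forward(Packet(HOST, ROUTER_B), snat)
    return {"source_seen_by_B": str(seen.src),
            "reply_path": reply_path(seen, conntrack)}

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", trace(snat))
```

Without the SNAT rule the answer goes from router B straight to the host and never crosses router A; with it the answer returns through router A, at the cost that router B only ever sees 192.168.1.200 as the source.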