From: Grant Taylor <gtaylor@riverviewtech.net>
To: Jared Cook <jared@vsahost.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Using NAT to relay traffic
Date: Wed, 23 Mar 2005 18:37:20 -0600
Message-ID: <42420BC0.6030700@riverviewtech.net>
In-Reply-To: <42420275.7030909@vsahost.com>
The problem that you are having when you port forward traffic from Box A to Box B is that the returning traffic comes directly from Box B to the client that sent the traffic in the first place, thus you have an incorrect communications path. Ironically I just had to work on a situation sort of similar to this one.

What I did in my situation to accomplish this was to DNAT the traffic destined to Box A over to Box B, like you have done. You also need to SNAT the traffic leaving Box A on its way to Box B to be from Box A's IP so that when Box B replies it will reply back to Box A, which will in turn reply back to the client system. Thus you no longer have a triangle of client to Box A to Box B to client but rather client to Box A to Box B to Box A to client.

Let me know what your network config looks like if you would like me to come up with some iptables rules for you.
Reference my replies to "HELP! Transparent Proxy using bridging 2.6.9 and REDIRECT on different subnet" thread for an example or email me and I'll try to provide more help.
Grant. . . .
Jared Cook wrote:
> I have two servers on two different networks. I am running a service on
> box A that I am transitioning to box B. While I wait on DNS to
> propagate, I would like to do some iptables magic to send traffic from
> box A to box B using NAT. For instance, when pop3 email users connect
> to box A, I would like box A to send the request to box B
> transparently. Is this possible? I have had success doing port
> forwarding to the local machine, but when I specify box B as the "--to",
> it doesn't work. Any help would be greatly appreciated.
>
> Thanks,
> Jared
>
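The DNAT plus SNAT pairing described in the message above, as an added example that is not part of the original email or thread: a shell function that prints (does not execute) the rules to run on Box A. The addresses 192.0.2.10 (Box A) and 198.51.100.20 (Box B), the function name `relay_rules`, and the FORWARD rules are assumptions made for illustration; port 110 is the pop3 case from the question.

```shell
#!/bin/sh
# Added example: print the rule set for relaying one TCP port from Box A
# to Box B. Nothing is applied; review the output, then run it as root on Box A.

# relay_rules A_IP B_IP PORT  (hypothetical helper, not from the thread)
relay_rules() {
    a_ip=$1; b_ip=$2; port=$3
    # Reject non-numeric or out-of-range ports before building any rule.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # DNAT to itself would loop; the two boxes must differ.
    if [ "$a_ip" = "$b_ip" ]; then
        echo "Box A and Box B must be different hosts" >&2; return 1
    fi
    # 1. Box A must route packets it does not terminate itself.
    # 2. DNAT: traffic addressed to Box A on PORT is redirected to Box B.
    # 3. SNAT: the relayed traffic leaves with Box A's address as source,
    #    so Box B replies to Box A instead of straight to the client.
    # 4/5. Allow the relayed flow and its replies through the FORWARD chain.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $a_ip -p tcp --dport $port -j DNAT --to-destination $b_ip:$port
iptables -t nat -A POSTROUTING -d $b_ip -p tcp --dport $port -j SNAT --to-source $a_ip
iptables -A FORWARD -d $b_ip -p tcp --dport $port -j ACCEPT
iptables -A FORWARD -s $b_ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample values (documentation address ranges), pop3 on port 110.
relay_rules 192.0.2.10 198.51.100.20 110
```

Because of the SNAT rule, Box B sees every relayed connection as coming from Box A, so its logs and any per-address access controls or rate limits no longer see the real client address while the relay is in place.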