From: Christian Hedegaard <christian.hedegaard@trustcommerce.com>
To: netfilter@lists.netfilter.org
Subject: trying to get DNAT and SNAT working together.
Date: Fri, 15 Apr 2005 11:29:03 -0700
Message-ID: <426007EF.1020903@trustcommerce.com>

Hey everyone. I'm trying to achieve something relatively simple (I think).

I want a machine to sit on a public IP. When a request comes in for that
public IP, it redirects the packets to another machine on some public
IP (iptables DNAT).

When that machine gets the packet, it should think that it came from the
iptables DNAT machine, and send it back there, which is where iptables
SNAT comes in.

However, I can't seem to get the two working together.

In my office I have three machines:

1.87 (running apache)
1.72 (me)
1.85 (iptables)

I have these two rules:

iptables -t nat -A PREROUTING -p tcp -d 1.85 --dport 80 -j DNAT \
    --to-destination 1.87
iptables -t nat -A POSTROUTING -p tcp -d 1.87 --dport 80 -j SNAT \
    --to-source 1.85

Theoretically, this says that packets destined for 80 coming to the
iptables machine should get forwarded to the apache machine (1.87), and
any packets destined for the apache machine should be SNAT'ed back to
the firewall machine.

Basically, I just want a totally transparent packet forwarder that will
redirect traffic to the proper machine.

However, it's not working. Something in my config is wrong and I can't
figure it out.

--
Christian Hedegaard-Schou
Sr. Systems Administrator
TrustCommerce
2 Park Plaza, Suite 350
Irvine, CA 92614
(949) 387 - 3747
christian.hedegaard@trustcommerce.com
http://www.trustcommerce.com/
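
Added example (not part of the original message): a toy Python model of the connection-tracking rewrite that the two rules in the post describe, following one request from 1.72 to 1.85:80 and the reply from 1.87. The class and function names are illustrative, the host labels are the abbreviated ones from the post, and the model assumes forwarding is enabled on 1.85, the FORWARD chain accepts the flow, and SNAT keeps the source port.

```python
from dataclasses import dataclass, replace

# Host labels exactly as abbreviated in the post (not full IP addresses).
CLIENT, FIREWALL, APACHE = "1.72", "1.85", "1.87"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatBox:
    """Toy model of NAT on 1.85. Assumes ip_forward=1, FORWARD accepts the flow."""

    def __init__(self):
        self.conntrack = {}  # reply tuple seen on the wire -> original packet

    def forward(self, pkt):
        """First packet of a connection: the nat table is consulted once."""
        orig = pkt
        # PREROUTING: -p tcp -d 1.85 --dport 80 -j DNAT --to-destination 1.87
        if pkt.dst == FIREWALL and pkt.dport == 80:
            pkt = replace(pkt, dst=APACHE)
        # Routing decision happens here, on the rewritten destination.
        # POSTROUTING: -p tcp -d 1.87 --dport 80 -j SNAT --to-source 1.85
        if pkt.dst == APACHE and pkt.dport == 80:
            pkt = replace(pkt, src=FIREWALL)  # simplification: port kept
        # Remember how to undo both rewrites when the reply arrives.
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = orig
        return pkt

    def reply(self, pkt):
        """Replies bypass the nat rules; conntrack reverses the stored mapping."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None  # no matching state: nothing to reverse
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def round_trip(sport=40000):
    """Follow one request from 1.72 and Apache's answer through the NAT box."""
    box = NatBox()
    to_apache = box.forward(Packet(CLIENT, sport, FIREWALL, 80))
    # Apache answers the source address it saw, which is 1.85, not 1.72.
    from_apache = Packet(to_apache.dst, to_apache.dport, to_apache.src, to_apache.sport)
    return to_apache, from_apache, box.reply(from_apache)

if __name__ == "__main__":
    for label, p in zip(("to apache", "from apache", "to client"), round_trip()):
        print(f"{label:12} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

In this model the Apache host only ever sees 1.85 as the peer, so its access log will not show the real client address.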