From: Nikolai Georgiev <voyager123bg@gmail.com>
To: Jesse Gordon <jesseg@nikola.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Unmatchable packet?
Date: Wed, 23 Nov 2005 02:46:24 +0200
Message-ID: <4383BBE0.2020504@gmail.com>
In-Reply-To: <073501c5efab$b10ad390$5e00800a@printserver>

Jesse Gordon wrote:
> ----- Original Message ----- From: "Jesse Gordon" <jesseg@nikola.com>
>
>> My box is running a TCP service. When another box tries to my box, my box
>
>
> I meant 'When another box tries to _connect to_ my box...'
>
> -Jesse
>
>> responds with a reply packet. (Just like it should.)
>> How do I match that (and all subsequent) reply packets so I can SNAT
>> on them?
>>
>> I even tried:
>>
>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 222.222.222.222
>>
>> and sure enough, everything going out eth1 was 'from' 222.222.222.222
>> except the reply packets to incoming connections.
>>
>> Also tried -t nat OUTPUT, -t mangle OUTPUT, etc.. Nothing seemed to
>> work.
>>
>> Should I expect such a feat to be possible?
>>
>> Thanks!
>>
>> -Jesse
>>
>>
>>
>
I think you are looking for DNAT. Yep, you want to make DNAT. Let's
suppose you have 3 machines: A, B, C; A is behind B and you are on C. You
would want to make a DNAT rule on B to A in order to initiate
connections from C to A...
>
>
>