From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Using DNAT and SNAT to do a local redirection does not work (want to do what rinetd does with iptables)
Date: Sat, 09 Jun 2007 18:43:43 -0500
Message-ID: <466B3B2F.7090402@riverviewtech.net>
In-Reply-To: <466AFEBF.6000609@mayr-stefan.de>

On 6/9/2007 2:25 PM, Stefan Mayr wrote:
> An answer I often read but nobody says what's wrong with loopback. I 
> thought it depended on the rules of the scenarios (obviously too much 
> thinking involved here).

*nod*  There is nothing specifically wrong (per se) with loopback other 
than the kernel-imposed security, which has been discussed elsewhere.  I 
guess this kernel-imposed security is not in and of itself a bad thing 
so long as you are aware of it and have things like dummy to work around 
it.  ;)

> I really have to thank you for this enlightenment.

No problem.  I'm just glad that I was able to help.  I've all too often 
been working on a problem and not known the fact that was stopping me 
from making things work.  It is a way to either get gray hair or lose 
what little hair you may have left or, worse yet, both.

> I used dummy0 and now my iptables ruleset works.

Good.

> That is why I used the loopback-device and my /etc/sysctl.conf
> contains the following lines:
> 
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2

*nod*

> So arp-requests/announces are always answered/sent from the right 
> interface.

*nod*

> Now the lesson is learned, setup is up and running.

Good.

> Thanks,

You are welcome.  :)



Grant. . . .


