Re: How to use DNAT - Italo Valcy

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Italo Valcy <italo@dcc.ufba.br>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: netfilter@vger.kernel.org
Subject: Re: How to use DNAT
Date: Thu, 17 Feb 2011 18:30:50 -0300	[thread overview]
Message-ID: <4D5D938A.4050000@dcc.ufba.br> (raw)
In-Reply-To: <4D5D7F74.3090809@plouf.fr.eu.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Pascal,

Em 17-02-2011 17:05, Pascal Hambourg escreveu:
> 
> Target ? Do you mean the original destination address ?

Yes, that's it! ;)

> As long as incoming packets reach the interface, it does not matter how.

Yes, it just have to know how to reach the interface. Beacause of this
either I have to use the original destination address as a secondary
address of my firewall (machine running iptables) or start answer the
arp request for that IP. Right now, I'm using the secondary IP address
approach.

> 
> Please provide some details about the rule, packets...
> Note that iptables' NAT ignores packets in the INVALID state.

Well... so could be this: INVALID state... The packets are about a
netflow traffic (9996/UDP) comming to the firewall, which should be
redirected to a internal host (through the DNAT). How can I debug these
possible INVALID packets?

Thanks!

- -- 
Saudações,

Italo Valcy :: http://wiki.dcc.ufba.br/~ItaloValcy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1dk4oACgkQfidLqjN6RNG2tACglYQeFkqjl2HMXpzzLh0tJ3bY
aWwAoJj6t8t3v8q9vU14kO3m7dof0O5s
=ORCq
-----END PGP SIGNATURE-----

next prev parent reply	other threads:[~2011-02-17 21:30 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-17 18:47 How to use DNAT Italo Valcy
2011-02-17 19:03 ` Jan Engelhardt
2011-02-17 19:17   ` Italo Valcy
2011-02-17 20:05 ` Pascal Hambourg
2011-02-17 21:30   ` Italo Valcy [this message]
     [not found] <184364666.3998.1297982398411.JavaMail.root@tahiti.vyatta.com>
2011-02-17 22:57 ` Steven Kath
2011-02-17 23:41   ` Pascal Hambourg
2011-02-18 12:50     ` Italo Valcy
2011-02-19  2:55       ` Atle Solbakken
2011-02-19  5:06         ` Pandu Poluan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D5D938A.4050000@dcc.ufba.br \
    --to=italo@dcc.ufba.br \
    --cc=netfilter@vger.kernel.org \
    --cc=pascal.mail@plouf.fr.eu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.