forward again

forward again

[sc2]

hello
when i want forward ip > to > ip. (.51 > 58)
what i must do that it works? maybe a rule too on the destination adre to
reply with other source ip??
thx bye
--------------tables--------
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -F FORWARD
iptables -t nat -F


iptables -A FORWARD -p udp -d xx.xxx.xx.58 --dport 27021 -j ACCEPT
iptables -A PREROUTING -p udp -d xx.xxx.xx.51 --dport 27021 -j DNAT --to
62.116.24.58:27021
iptables -A FORWARD -p tcp -d xx.xxx.xx.58 --dport 27021 -j ACCEPT
iptables -A PREROUTING -p tcp -d xx.xxx.xx.51 --dport 27021 -j DNAT --to
xx.xxx.xx.58:27021

Re: forward again

[Antony Stone]

On Thursday 04 December 2003 12:21 pm, sc2@gmx.at wrote:

> hello
> when i want forward ip > to > ip. (.51 > 58)

> iptables -A PREROUTING -p tcp -d xx.xxx.xx.51 --dport 27021 -j DNAT --to
> xx.xxx.xx.58:27021

You cannot "forward" packets from one machine to another when they live on the 
same subnet (I assume that both xx.xxx.xx. in the above rule are the same), 
because the packets will not go through the netfilter machine.   They simply 
go direct from client to server and back again across the wire.

Netfilter can only influence packets which are being *routed through* the box 
it is running on (or which start or stop on the box itself) - ie from one 
subnet to another.

Antony.

-- 
Success is a lousy teacher.  It seduces smart people into thinking they can't 
lose.

 - William H Gates III

                                                     Please reply to the list;
                                                           please don't CC me.