* help regarding DNAT
@ 2003-06-03 4:25 subramanya
0 siblings, 0 replies; 2+ messages in thread
From: subramanya @ 2003-06-03 4:25 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: text/plain, Size: 477 bytes --]
i am a student doing my final year engineering project work.
i am faced with a problem:i want to DNAT all the packets and ia m using the following command:
iptables -t nat -I PREROUTING -p ALL -j DNAT -s xx.xx.xx.xx -d yy.yy.yy.yy --to-destination zz.zz.zz.zz
this works fine on a router. but this doesnot work on a machine that acts as a bridge. the packets that are entering the PREROUTING chain are lost in that chain.
what could the problem be? plz help
[-- Attachment #2: Type: text/html, Size: 1469 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* RE: help regarding DNAT
@ 2003-06-03 22:20 George Vieira
0 siblings, 0 replies; 2+ messages in thread
From: George Vieira @ 2003-06-03 22:20 UTC (permalink / raw)
To: subramanya, netfilter
[-- Attachment #1: Type: text/plain, Size: 1580 bytes --]
You may need a bridge patch to make iptables work on a bridge... not 100% sure but that might be it.
A bridge links 2 network cards together basically, so it listens and learns ARP addresses on each side and basically proxys the ARP so link the 2 sides of the machine together making it almost 100% transparent... I've been told years ago that it bypasses the packets filtering because of this..
But that was years ago and I've been told since that there are patches to enable the filtering but I don't know much more than that..
hope that's some info for you..
Thanks,
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd Systems Manager georgev AT citadelcomputer DOT com DOT au
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698 <http://www.citadelcomputer.com.au/> http://www.citadelcomputer.com.au
-----Original Message-----
From: subramanya [mailto:angeeras@satyam.net.in]
Sent: Tuesday, June 03, 2003 2:25 PM
To: netfilter@lists.netfilter.org
Subject: help regarding DNAT
i am a student doing my final year engineering project work.
i am faced with a problem:i want to DNAT all the packets and ia m using the following command:
iptables -t nat -I PREROUTING -p ALL -j DNAT -s xx.xx.xx.xx -d yy.yy.yy.yy --to-destination zz.zz.zz.zz
this works fine on a router. but this doesnot work on a machine that acts as a bridge. the packets that are entering the PREROUTING chain are lost in that chain.
what could the problem be? plz help
[-- Attachment #2: Type: text/html, Size: 5760 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-06-03 22:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-06-03 4:25 help regarding DNAT subramanya
-- strict thread matches above, loose matches on Subject: below --
2003-06-03 22:20 George Vieira
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox