From: "Leonardo Rodrigues Magalhães" <leolistas@solutti.com.br>
To: Dimitar Katerinski <train@bofh.bg>, netfilter@lists.netfilter.org
Subject: Re: transparent proxying NTP
Date: Sun, 27 Jun 2004 17:46:59 -0300 [thread overview]
Message-ID: <00e301c45c87$e6e2cc60$8b00000a@casa> (raw)
In-Reply-To: 40DF2B43.8060609@bofh.bg
If the DNATted machine is NOT the linux router that is doing the DNAT,
you WILL need the SNAT rule too. If you dont use, DNATted machine will try
to answer directly to the machine that requested the update. And that
machine is not expecting anything from that IP. So, SNATting to linux router
IP is needed if DNATting to a machine in the network.
Sincerily,
Leonardo Rodrigues
----- Original Message -----
From: "Dimitar Katerinski" <train@bofh.bg>
To: <netfilter@lists.netfilter.org>
Sent: Sunday, June 27, 2004 5:17 PM
Subject: Re: transparent proxying NTP
> Well if you think how transparent www proxy works, you may figure out how
to do transparent ntp proxying.
> The following rule should do the job:
> iptables -t nat -A PREROUTING -i eth1 -s $LAN_SUBNET -p udp --dport 123 -j
REDIRECT --to-ports 123
> also I think
> iptables -t nat -A PREROUTING -i eth1 -s $LAN_SUBNET -p udp --dport 123 -j
DNAT --to-destination 192.168.64.1:124
> might work, as I test it. You dont need the SNAT rule though. Test these
and give feedback.
>
next prev parent reply other threads:[~2004-06-27 20:46 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-27 19:43 transparent proxying NTP Folkert van Heusden
2004-06-27 20:17 ` Dimitar Katerinski
2004-06-27 20:46 ` Leonardo Rodrigues Magalhães [this message]
2004-06-27 20:48 ` Dimitar Katerinski
2004-06-28 14:45 ` Folkert van Heusden
2004-06-28 15:09 ` Dimitar Katerinski
2004-06-27 20:19 ` Leonardo Rodrigues Magalhães
2004-06-28 2:13 ` Dick St.Peters
2004-06-28 14:38 ` Folkert van Heusden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='00e301c45c87$e6e2cc60$8b00000a@casa' \
--to=leolistas@solutti.com.br \
--cc=netfilter@lists.netfilter.org \
--cc=train@bofh.bg \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox