From: Eric Leblond <eric@inl.fr>
To: Dominic Iadicicco <sctylib2004@yahoo.com>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: Can anyone tell me how to do this?
Date: Wed, 22 Sep 2004 16:25:10 +0200 [thread overview]
Message-ID: <1095863109.4393.9.camel@coati> (raw)
In-Reply-To: <20040922140922.36826.qmail@web51301.mail.yahoo.com>
On Wed, 2004-09-22 at 16:09, Dominic Iadicicco wrote:
> Hello all,
> My devil-Box is at 172.16.12.130 and I want all ssh
> request to this .130 address, to go to address
> 172.16.12.212.
go to : it's the easy part :
iptables -A PREROUTING -t nat -d 172.16.12.130 -p tcp -dport 22 \\
-j DNAT --to 172.16.12.212
well that's for go to. But let say A try to connect to 172.16.12.130 then
172.16.12.212 receive a connection from 1 and answer to A which wait
answer from 172.16.12.130. bad day for him.
The solution is to change source address of packets going to
172.16.12.212 :
iptables -A POSTROUTING -t nat -d 172.16.12.212 -p tcp --dport 22 \\
-j SNAT --to 172.16.12.130
thus we have the following :
A talks to 172.16.12.130
packet arrive to 172.16.12.212 with source 172.16.12.130
packet return to 172.16.12.130
which reemit to A.
BR,
--
Eric Leblond <eric@inl.fr>
INL
next prev parent reply other threads:[~2004-09-22 14:25 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-22 14:09 Can anyone tell me how to do this? Dominic Iadicicco
2004-09-22 14:25 ` Eric Leblond [this message]
2004-09-22 14:45 ` Dominic Iadicicco
2004-09-22 15:07 ` Eric Leblond
2004-09-22 15:29 ` Dominic Iadicicco
2004-09-22 14:29 ` Jason Opperisano
-- strict thread matches above, loose matches on Subject: below --
2004-09-22 16:59 Daniel Chemko
2004-09-22 17:29 ` Alistair Tonner
2004-09-22 17:04 Hudson Delbert J Contr 61 CS/SCBN
2004-09-22 17:12 Daniel Chemko
2004-09-23 13:01 ` Eric Ellis
2004-09-23 13:22 ` Dominic Iadicicco
2004-09-23 14:55 ` Jason Opperisano
2004-09-23 15:14 ` Dominic Iadicicco
2004-09-23 16:15 ` Jason Opperisano
2004-09-23 16:44 ` Samuel Díaz García (ArcosCom)
2004-09-23 17:28 ` Dominic Iadicicco
2004-09-23 17:48 ` Jason Opperisano
2004-09-23 18:26 ` Dominic Iadicicco
2004-09-23 16:58 ` Dominic Iadicicco
2004-09-23 17:31 ` Jason Opperisano
2004-09-23 18:29 ` Aleksandar Milivojevic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1095863109.4393.9.camel@coati \
--to=eric@inl.fr \
--cc=netfilter@lists.netfilter.org \
--cc=sctylib2004@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox