Re: DNAT - newbie question

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "curby ." <curby.public@gmail.com>
To: Dharanikanth Dugginni <dharanikanthd@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: DNAT - newbie question
Date: Wed, 3 Aug 2005 14:55:20 -0600	[thread overview]
Message-ID: <5d2f379105080313556d4e95ed@mail.gmail.com> (raw)
In-Reply-To: <7f22af9005072815367ee89a78@mail.gmail.com>

On 7/28/05, Dharanikanth Dugginni <dharanikanthd@gmail.com> wrote:
> Lets suppose a host h1 is sending packets to addr N1 (this is the addr
> for NAT box)  I want to change this addr to a different addr which
> will not be known until after few packets arrive from h1 to n1.
> (Appears from the conntrack and NAT tables documenatation that after
> the first packet, the DNAT table will not be used any more).  Is there
> a way to force subsequent pacekets in the same stream to always use
> the DNAT table?

Are you using stateful rules?  If not, your DNAT rule handles packets
heading to N1, and NAT code transparently deals with packets heading
the other way.  If you are using an ESTABLISHED state-matching rule,
then only the first packet matches the DNAT rule, and then state
matching rule allows subsequent packets through, while NAT still
happens in the background.  At least I think so. =)

     prev parent reply	other threads:[~2005-08-03 20:55 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-07-28 22:36 DNAT - newbie question Dharanikanth Dugginni
2005-08-03 20:55 ` curby . [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5d2f379105080313556d4e95ed@mail.gmail.com \
    --to=curby.public@gmail.com \
    --cc=dharanikanthd@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox