DNAT - newbie question

DNAT - newbie question

[Dharanikanth Dugginni]

Hello,

How do I dynamically change the destination address when performing
the DNAT functionality?

Lets suppose a host h1 is sending packets to addr N1 (this is the addr
for NAT box)  I want to change this addr to a different addr which
will not be known until after few packets arrive from h1 to n1.
(Appears from the conntrack and NAT tables documenatation that after
the first packet, the DNAT table will not be used any more).  Is there
a way to force subsequent pacekets in the same stream to always use
the DNAT table?

Any pointers on the dependencies between conntrack and NAT are also
highly appreciated.

Thanks,
-Dhar

Re: DNAT - newbie question

[curby .]

On 7/28/05, Dharanikanth Dugginni <dharanikanthd@gmail.com> wrote:
> Lets suppose a host h1 is sending packets to addr N1 (this is the addr
> for NAT box)  I want to change this addr to a different addr which
> will not be known until after few packets arrive from h1 to n1.
> (Appears from the conntrack and NAT tables documenatation that after
> the first packet, the DNAT table will not be used any more).  Is there
> a way to force subsequent pacekets in the same stream to always use
> the DNAT table?

Are you using stateful rules?  If not, your DNAT rule handles packets
heading to N1, and NAT code transparently deals with packets heading
the other way.  If you are using an ESTABLISHED state-matching rule,
then only the first packet matches the DNAT rule, and then state
matching rule allows subsequent packets through, while NAT still
happens in the background.  At least I think so. =)