Re: redirection trouble

[Martín <martin@familia-fiumara.com.ar>]

Ok, I think I got it... but does not work. I see the traffic being 
redirected, but the conection gets lost, I got this in the snuiffer:

02:02:51.640513 192.168.2.1 > 192.168.2.5: icmp: 192.168.2.1 udp port 10000 
unrachable [tos 0x40]

Any Idea?




En Tue, 4 Nov 2003 11:20:42 +0800, Edmund Turner <eturner@monash.edu.my> 
escribió:

>
>
> Martin, Alistairs explanation and solution is correct.
> In short 192.168.2.5 will only see traffic thru and fro 192.168.2.1
> @port 10000. Put a packet analyser or a sniffer on 192.168.2.5 to
> confirm.
> In Iptables if you do a prerouting as such :
>
> #This will redirect all packets to 192.168.2.1 dport 10000 to
> 200.24.24.200:10000
>
> iptables -t nat -I PREROUTING -i eth1 -d 192.168.2.1 -p udp --dport
>> 10000 -j DNAT --to 200.45.45.200:10000
>
> You don’t have to worry about the packets coming in back from
> 200.24.24.200. They will be tracked and sent back to 192.168.2.5 as
> source IP of 192.168.2.1. Im not sure which module is responsible for
> this, but I think its done by the ip_conntrack module. Maybe someone can
> enlighten us on this?
>
>
> Regards
> edmund
>
>> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Martín
> Sent: Tuesday, November 04, 2003 10:37 AM
> To: alistair@nerdnet.ca
> Cc: netfilter@lists.netfilter.org
> Subject: Re: redirection trouble
>
> En Mon, 3 Nov 2003 21:21:09 -0500, Alistair Tonner <Alistair@nerdnet.ca>
>
> escribió:
>
>> On November 3, 2003 08:53 pm, Martín wrote:
>>> This is the situation:
>>>
>>>
>>>
>>> Internal LAN machine (192.168.2.5)
>>>
>>>
>>>
>>> (eth1 192.168.2.1) NAT LINUX ( eth0 192.168.1.10 > adsl ppp0 IP
> dinamic)
>>>
>>>
>>>
>>> Server 200.45.45.200 (service at port 10000)
>>>
>>>
>>>
>>> This is what I intend to do:
>>> For particular reasons, I need that a soft at 192.168.2.5 comunicate 
>>> with a
>>> server with a service at port 10000 (UDP), but this can´t be done 
>>> through
>>> normal NAT. So i want to establish a link between both (server and
>>> 192.168.2.5) manually useing the NAT LINUX
>>> So, 192.168.2.5 comunicates to 192.168.2.1 port 10000, the NAT LINUX
>>> redirect this traffic to the server 200.45.45.200 port 10000. The
> server
>>> will respond to the NAT LINUX who will redirect this traffic to 
>>> 192.168.2.5
>>> (port 10000 also)
>>> I try to do all this in this way:
>>>
>>>
>>> iptables -t nat -I PREROUTING 1 -i eth1 -d 192.168.2.1 -p udp --dport
>
>>> 10000
>>> -j DNAT --to 200.45.45.200
>>>
>>> iptables -t nat -I POSTROUTING 1 -o eth0 -p udp --dport 10000 -j SNAT



-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/