* Iptables special config
@ 2009-03-11 18:09 Vitor António das Neves Pinto
0 siblings, 0 replies; 3+ messages in thread
From: Vitor António das Neves Pinto @ 2009-03-11 18:09 UTC (permalink / raw)
To: netfilter
Dear all,

I have a question regarding a special configuration with
iptables, I hope you can help me:
- Behind the NAT there’s a terminal with IP1 that sends a
UDP packet to a host outside the NAT with IP2 (Source
port=1033 Dport=123)
- The response to this packet (due to load balancing
issues) comes from a machine outside the NAT with IP3 (not
from IP2!!) with Source port=123 Dport=1033

Since iptables is configured as a port-restricted NAT, the
response packet is dropped, not reaching the terminal with IP1…
Any idea how to make the packet reach the terminal with
IP1?
I know that with a full cone NAT this wouldn’t happen…

Best regards,
Vitor Pinto
* Iptables special config
@ 2009-03-12 11:32 Vitor António das Neves Pinto
2009-03-12 14:41 ` Покотиленко Костик
0 siblings, 1 reply; 3+ messages in thread
From: Vitor António das Neves Pinto @ 2009-03-12 11:32 UTC (permalink / raw)
To: netfilter
Dear all,

I have a question regarding a special configuration with
iptables, I hope you can help me:
- Behind the NAT there’s a terminal with IP1 that sends a
UDP packet to a host outside the NAT with IP2 (Source
port=1033 Dport=123)
- The response to this packet (due to load balancing
issues) comes from a machine outside the NAT with IP3 (not
from IP2!!) with Source port=123 Dport=1033

Since iptables is configured as a port-restricted NAT, the
response packet is dropped, not reaching the terminal with IP1…
Any idea how to make the packet reach the terminal with
IP1?
I know that with a full cone NAT this wouldn’t happen…

Best regards,
Vitor Pinto
* Re: Iptables special config
2009-03-12 11:32 Iptables special config Vitor António das Neves Pinto
@ 2009-03-12 14:41 ` Покотиленко Костик
0 siblings, 0 replies; 3+ messages in thread
From: Покотиленко Костик @ 2009-03-12 14:41 UTC (permalink / raw)
To: Vitor António das Neves Pinto; +Cc: netfilter
On Thu, 12/03/2009 at 11:32 +0000, Vitor António das Neves Pinto wrote:
> Dear all,
>
> I have a question regarding a special configuration with
> iptables, I hope you can help me:
> - Behind the NAT there’s a terminal with IP1 that sends a
> UDP packet to a host outside the NAT with IP2 (Source
> port=1033 Dport=123)
> - The response to this packet (due to load balancing
> issues) comes from a machine outside the NAT with IP3 (not
> from IP2!!) with Source port=123 Dport=1033
>
> Since iptables is configured as a port-restricted NAT, the
> response packet is dropped, not reaching the terminal with IP1…
> Any idea how to make the packet reach the terminal with
> IP1?
> I know that with a full cone NAT this wouldn’t happen…

On the machine with IP3, try to do SNAT to IP2 for those packets. This should
fix your problem.

--
Покотиленко Костик <casper@meteor.dp.ua>
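
The scenario from this thread as a small simulation, added here as an illustration (not code from either poster and not netfilter's implementation): it shows why a port-restricted NAT drops the reply from IP3, why rewriting the source to IP2 on the IP3 machine lets it through, and what a full cone NAT would accept instead. The addresses are constructed placeholders for IP1, IP2, IP3 and the NAT's public address, and all class and function names are hypothetical.

```python
"""Simplified model of NAT inbound filtering for the case in this thread."""
from dataclasses import dataclass

# Constructed sample addresses standing in for IP1, IP2, IP3 and the NAT's public IP.
IP1, IP2, IP3, NAT_PUB = "192.168.1.10", "203.0.113.2", "203.0.113.3", "198.51.100.1"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    def __init__(self, public_ip, full_cone=False):
        self.public_ip = public_ip
        self.full_cone = full_cone
        self.mappings = {}  # public port -> (inside ip, inside port)
        self.peers = set()  # (public port, remote ip, remote port) contacted from inside

    def outbound(self, pkt):
        # The source port is kept unchanged, as in the thread (1033 stays 1033).
        self.mappings[pkt.sport] = (pkt.src, pkt.sport)
        self.peers.add((pkt.sport, pkt.dst, pkt.dport))
        return Packet(self.public_ip, pkt.sport, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Return the packet as delivered inside the NAT, or None if it is dropped."""
        inside = self.mappings.get(pkt.dport)
        if inside is None or pkt.dst != self.public_ip:
            return None
        # Port-restricted: remote address AND port must match an earlier outbound packet.
        # Full cone skips this check, so any outside host can reach the mapped port.
        if not self.full_cone and (pkt.dport, pkt.src, pkt.sport) not in self.peers:
            return None
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])

def snat(pkt, to_source):
    """Source rewrite as suggested in the reply, applied on the IP3 machine."""
    return Packet(to_source, pkt.sport, pkt.dst, pkt.dport)

def run(full_cone=False, snat_on_ip3=False):
    nat = Nat(NAT_PUB, full_cone)
    nat.outbound(Packet(IP1, 1033, IP2, 123))  # terminal -> IP2:123
    reply = Packet(IP3, 123, NAT_PUB, 1033)    # answer arrives from IP3:123
    if snat_on_ip3:
        reply = snat(reply, IP2)
    return nat.inbound(reply)

if __name__ == "__main__":
    print("port-restricted:", run())
    print("port-restricted + SNAT on IP3:", run(snat_on_ip3=True))
    print("full cone:", run(full_cone=True))
```
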