On Wed, 3 Sep 2003 16:08:44 +0200 "[ staff ] - Mathieu Perrenoud" <[EMAIL PROTECTED]> wrote:
> > I'm trying to do it with iptables destination nat, I created this
> > rule
> >
> > Chain PREROUTING (policy ACCEPT 9177 packets, 1980K bytes)
> >  pkts bytes target prot opt in  out source   destination
> >     8   480 DNAT   tcp  --  any any anywhere anywhere     tcp dpt:telnet to:10.0.0.4:23
> >
> > with this command "iptables -t nat -A PREROUTING -p tcp --dport 23
> > -j DNAT --to 10.0.0.4:23"
> > When I telnet to the routing box, I see that the counters for that
> > rule are incremented, so, it seems to be working, but I was told
> > that I'm missing a rule that NATs the packets back... but I'm not
> > sure how to make that rule, can anyone help me?
>
> iptables should route the packets coming back without any other
> instruction. emerge ethereal and look at the traffic going through
> your box. Does the SYN go to the LAN's box? Does a SYN ACK come
> back? Can you ping the LAN's box from the router and vice-versa?
>
> And don't use masquerading, that's not what you need.

but afaik you need masquerading for the outgoing packets 'cause they
would have the internal address, if you don't masquerade them?
did i understand this in a wrong way?

greetings, tom

-- 
"We have struggled to not proceed, but to precede to the future of a
nation's child."
George W. Bush
November 12, 2000
Quoted in the Journal Gazette.
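
Added example, not part of the original thread: a toy Python model of how connection tracking reverses the DNAT rule quoted above, and when an extra SNAT/MASQUERADE rule changes the outcome. Every address except 10.0.0.4:23 is a constructed sample value, and the `Router` class and `telnet_works` function are hypothetical names, not netfilter code.

```python
# Toy model of netfilter connection tracking for one DNAT rule (added example).
# All addresses except 10.0.0.4:23 are constructed sample values.
ROUTER_EXT = "192.0.2.1"          # address the client telnets to (constructed)
ROUTER_LAN = "10.0.0.1"           # router address on the LAN side (constructed)
SERVER = ("10.0.0.4", 23)         # DNAT target from the rule in the thread
CLIENT = ("198.51.100.7", 40000)  # constructed client endpoint


class Router:
    def __init__(self, snat=False):
        self.snat = snat      # True models an extra SNAT/MASQUERADE rule toward the LAN
        self.conntrack = {}   # expected reply tuple -> tuple to restore

    def forward(self, src, dst):
        """PREROUTING DNAT (and optional POSTROUTING SNAT) for a new connection."""
        if dst != (ROUTER_EXT, 23):
            return src, dst
        new_src = (ROUTER_LAN, src[1]) if self.snat else src
        # The reply direction is recorded when the first packet is translated.
        self.conntrack[(SERVER, new_src)] = ((ROUTER_EXT, 23), src)
        return new_src, SERVER

    def reply(self, src, dst):
        """Reverse translation is automatic for tracked connections."""
        return self.conntrack.get((src, dst), (src, dst))


def telnet_works(snat, reply_via_router):
    """True if the client receives a reply from the address it connected to."""
    router = Router(snat=snat)
    seen_src, seen_dst = router.forward(CLIENT, (ROUTER_EXT, 23))
    # The server answers whoever it saw as the source.
    r_src, r_dst = seen_dst, seen_src
    # With SNAT the reply is addressed to the router; without it, the reply
    # only crosses the router if the server's route to the client goes there.
    if r_dst[0] == ROUTER_LAN or reply_via_router:
        r_src, r_dst = router.reply(r_src, r_dst)
    return (r_src, r_dst) == ((ROUTER_EXT, 23), CLIENT)


if __name__ == "__main__":
    for snat in (False, True):
        for via in (True, False):
            print(f"snat={snat} reply_via_router={via}: {telnet_works(snat, via)}")
```

In this model the DNAT rule alone is enough whenever 10.0.0.4 sends its replies back through the router; the extra source NAT only matters when the replies would otherwise take a different path.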
