I am getting into this discussion a bit late (been out of the country for a
while, etc) but I wonder about the following:

X -> A (159.166.1.69) -> B (159.166.4.137)
X -> C (159.166.1.7) -> B (159.166.4.137)

If in this scenario, A and C are forwarding traffic on specific ports to B,
then B would see either A or C as the *source* IP address, and thus it would
send reply packets to the appropriate IP address (again, A or C, depending
on where the traffic came from). A and C should then, using connection
tracking and/or explicit NAT in reverse direction, send the replies back to
X, coming from A or C depending on who is passing the packets for that case.

So, the scenario would split up as:

X -> A (159.166.1.69)
A (159.166.1.69) -> B (159.166.4.137)
A (159.166.1.69) <- B (159.166.4.137)
X <- A (159.166.1.69)
---------------------------------------------
X -> C (159.166.1.7)
C (159.166.1.7) -> B (159.166.4.137)
C (159.166.1.7) <- B (159.166.4.137)
X <- C (159.166.1.7)

Would that be the mechanism you are looking for? In this, B would only see
traffic coming from A and/or C, and respond back to A and/or C. A and C would
be responsible for doing the correct address translation to pass things back
and forth transparently.

Kris

On Tue, Oct 05, 2004 at 10:25:07AM -0400, Bob wrote:
> Now I am beginning to understand this a little better. I actually have 2
> of these setups:
>
> -> A (159.166.1.69) -> B (159.166.4.137)
> X
> -> C (159.166.1.7) -> B (159.166.4.137)
>
> You can put the address of either A or C and the packet is forwarded over
> to B to be processed.
>
> Right now if you put in A's address, the packet will be sent to B, but
> since it is coming from X (which is a totally different IP address) the
> packet will end up on the default route and go back to A and that will
> work fine, but, if you use C's address, the packet gets sent to B and
> since X is outside, B sends the packet to the default route of A.
>
> What I need B to do is know if the packet came thru A to send it back
> to A and if it came thru C to send it back to C.
>
>
>
> On Mon, 4 Oct 2004 17:24:01 +0200, Peter Oberparleiter
> <[EMAIL PROTECTED]> wrote:
> > I'll assume that you're trying to implement this scenario:
> >
> > X -> A (159.166.1.69) -> B (159.166.4.137)
> >
> >
> > $IPTABLES -t nat -A POSTROUTING -p tcp --destination 159.166.4.137 \
> > --dport 8994 -j SNAT --to 159.166.1.69
> >
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
--
Never underestimate a Mage with:
- the Intelligence to cast Magic Missile,
- the Constitution to survive the first hit, and
- the Dexterity to run fast enough to avoid being hit a second time.
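
The mechanism discussed in this thread, as an added example that is not part of any poster's message: a toy Python model of gateways A and C doing DNAT plus SNAT with connection tracking toward B, run with and without the SNAT step. The client address, source port 40000 and all class and function names are constructed for illustration; the gateway and server addresses and port 8994 are the ones quoted in the thread.

```python
# Added illustration: toy model of DNAT + SNAT with connection tracking.
# A, C, B and port 8994 are from the thread; X and port 40000 are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

A, C, B = "159.166.1.69", "159.166.1.7", "159.166.4.137"
X = "192.0.2.10"   # constructed client address (documentation range)
PORT = 8994

class Gateway:
    """Forwards PORT to B; optionally rewrites the source to itself (SNAT)."""
    def __init__(self, ip, snat=True):
        self.ip, self.snat, self.conntrack = ip, snat, {}

    def forward(self, pkt):
        out = pkt._replace(dst=B)               # PREROUTING: DNAT to B
        if self.snat:
            out = out._replace(src=self.ip)     # POSTROUTING: SNAT to gateway
        # Remember the original packet, keyed by the reply tuple we expect.
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Undo the translation for a reply; None if no tracked entry matches."""
        orig = self.conntrack.get(tuple(reply))
        if orig is None:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def server_reply(pkt):
    """B answers whatever source address it saw on the request."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def round_trip(entry, default_gw, snat):
    """Send X -> entry -> B, route B's reply, return the packet X receives."""
    gws = {A: Gateway(A, snat), C: Gateway(C, snat)}
    reply = server_reply(gws[entry].forward(Packet(X, 40000, entry, PORT)))
    # With SNAT the reply is addressed to the forwarding gateway itself.
    # Without it the reply is addressed to X and leaves via B's default route.
    via = gws[reply.dst] if reply.dst in gws else gws[default_gw]
    return via.reverse(reply)

if __name__ == "__main__":
    for entry in (A, C):
        for snat in (True, False):
            print(entry, "snat" if snat else "no-snat", round_trip(entry, A, snat))
```

A result of `None` means the reply reached a gateway with no tracked entry for it, so X never gets an answer from the address it connected to. With SNAT in place B only ever sees A or C as the peer, so B's logs and address-based access controls no longer see X's address.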