On 17 Aug 2000, Bryan Ha wrote:
> I am trying to redirect a packet which is sent from an internal host to an
> external site. I want to redirect it to another internal host via the
> firewall. I have devised 2 rules but it doesn't seem to work:
>
> ipchains -I input -p tcp -s 192.168.0.0/24 -d 123.234.34.2 -m 5
> ipmasqadm -mfw -m 5 -r 192.168.0.5

Is "123.234.34.2" your firewall's external address? Or is it just some
site on the Internet?

In either case the above will not work. This is what happens:

Initial packet:
From 192.168.0.2:1234 To 123.234.34.2:80

"MFW'ed"
From 192.168.0.2:1234 To 192.168.0.5:80

Well that looks good, but what happens when 192.168.0.5 tries to respond
to 192.168.0.2? It does so directly:

Response:
From 192.168.0.5:80 To 192.168.0.2:1234

The 192.168.0.2 machine will not accept the response since it did not come
from 123.234.34.2.

Anyway you have only one choice: DNS redirection. Have the DNS server on
your firewall return a different IP address for whatever the hostname is
here.

--
Michael Best
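
The packet flow described in the reply above, as an added example that is not part of the original post: a small Python model of the destination rewrite and of the client's 4-tuple match, compared with the DNS-redirection case. The function names and the string-prefix subnet test are assumptions made for illustration; this is not ipchains or ipmasqadm code.

```python
# Added illustration: models only address rewriting and the client's
# connection lookup, using the addresses and ports from the post.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

CLIENT, SERVER, EXTERNAL = "192.168.0.2", "192.168.0.5", "123.234.34.2"
LAN_PREFIX = "192.168.0."  # stands in for 192.168.0.0/24 (simplified test)

def on_lan(addr):
    return addr.startswith(LAN_PREFIX)

def via_firewall(pkt):
    """Hosts on the same subnet talk on-link; other traffic crosses the firewall."""
    return not (on_lan(pkt.src) and on_lan(pkt.dst))

def mfw_forward(pkt):
    """The redirect from the post: only the destination address is rewritten."""
    if on_lan(pkt.src) and pkt.dst == EXTERNAL:
        return pkt._replace(dst=SERVER)
    return pkt

def reply_to(pkt):
    """The server answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def client_accepts(sent, received):
    """A TCP client matches a reply on the full 4-tuple of its connection."""
    return received == Packet(sent.dst, sent.dport, sent.src, sent.sport)

def attempt(connect_to):
    """Return (reply crossed the firewall, client accepted the reply)."""
    syn = Packet(CLIENT, 1234, connect_to, 80)
    at_server = mfw_forward(syn) if via_firewall(syn) else syn
    reply = reply_to(at_server)
    # The firewall can only restore the source address on replies it sees.
    return via_firewall(reply), client_accepts(syn, reply)

if __name__ == "__main__":
    # Redirect case: the client dials the external address.
    print("mfw redirect:", attempt(EXTERNAL))
    # DNS redirection: the name resolves to 192.168.0.5 and the client dials it.
    print("dns redirect:", attempt(SERVER))
```

In the redirect case the reply never crosses the firewall, so nothing can rewrite its source back to 123.234.34.2 and the client's lookup fails; with DNS redirection the client's own connection already names 192.168.0.5, so the direct reply matches.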
