> Hello Guys,
>
> I've just installed kernel 2.4.18 and iptables 1.2.6a. One of the
> patch-o-matic patches I chose was Henrik's local-nat. Kernel was correctly
> recompiled, modules installed ........ but I'm having some problems trying
> to figure out how to use this new feature (redirect on locally generated),
> as I couldn't find any documentation on it.
>
> Would you mind giving me some hints/examples of how to use this
> feature??
>
> Sincerely,
> Leonardo Rodrigues

Hi Leonardo!

I have not tested it myself yet but I think you can use it like this:

    iptables -t nat -A OUTPUT -p tcp -o eth0 -d internetip1 --dport 80 -j DNAT --to internetip2

Which means that you show up on internetip2's port 80 (http) if you do
lynx http://internetip1 from the command prompt at your firewall Linux box.
It's like ordinary DNAT but you use it at the firewall itself, which has not
been possible before.

Another example can be:

    iptables -t nat -A OUTPUT -p tcp -o eth0 -d internetip --dport 25 -j DNAT --to internetip:21000

Which means that if sendmail at your Linux firewall box tries to send a mail
to internetip, then it will send that to port 21000 on internetip instead of
the default port for smtp = 25. Might be good if you want to help out a
friend to get mail (via your box) who has problems with an ISP that blocks
his port 25 (smtp) in some router/firewall or similar. Then your friend has
to do this, of course, on his own firewall:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21000 -j REDIRECT --to-port 25

so it redirects to his sendmail listening port.

Hope I'm right, else there is possibly another way that is right =)

Regards
/Micke
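
The chain traversal behind the rules in the reply above, as an added example that is not part of the original thread: a simplified Python model (not netfilter itself) of which nat chain sees a new connection, showing why locally generated mail needs the OUTPUT rule and the friend's box needs the PREROUTING one. The addresses are constructed RFC 5737 placeholders standing in for "internetip", and `local_ip`, `Packet`, `Rule`, `nat_destination` and `mail_path` are names assumed for this illustration.

```python
# Simplified model (added example); addresses are constructed placeholders, eth0 follows the post.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int
    origin: str   # "local" = generated on this box, "wire" = arrived on an interface
    iface: str    # outgoing interface for local packets, incoming for wire packets

@dataclass(frozen=True)
class Rule:
    chain: str                     # "OUTPUT" or "PREROUTING"
    proto: str
    iface: str                     # -o match in OUTPUT, -i match in PREROUTING
    dport: int
    target: str                    # "DNAT" or "REDIRECT"
    dst: Optional[str] = None      # -d match, None = any destination
    to_ip: Optional[str] = None
    to_port: Optional[int] = None

def nat_destination(pkt, rules, local_ip):
    """Return (dst, dport) after destination NAT for the first packet of a connection."""
    # Locally generated traffic enters at OUTPUT and never passes PREROUTING;
    # traffic arriving on an interface passes PREROUTING and never passes OUTPUT.
    chain = "OUTPUT" if pkt.origin == "local" else "PREROUTING"
    for r in rules:
        if (r.chain, r.proto, r.iface, r.dport) != (chain, pkt.proto, pkt.iface, pkt.dport):
            continue
        if r.dst is not None and r.dst != pkt.dst:
            continue
        if r.target == "DNAT":
            return (r.to_ip or pkt.dst, r.to_port or pkt.dport)
        # REDIRECT: incoming interface's address in PREROUTING, loopback in OUTPUT.
        ip = local_ip if chain == "PREROUTING" else "127.0.0.1"
        return (ip, r.to_port or pkt.dport)
    return (pkt.dst, pkt.dport)    # no rule matched: destination unchanged

FRIEND = "203.0.113.10"            # constructed stand-in for "internetip"
SENDER_RULES = [Rule("OUTPUT", "tcp", "eth0", 25, "DNAT", dst=FRIEND, to_ip=FRIEND, to_port=21000)]
FRIEND_RULES = [Rule("PREROUTING", "tcp", "eth0", 21000, "REDIRECT", to_port=25)]

def mail_path():
    """Follow sendmail's connection from the sender's box to the friend's listener."""
    out = nat_destination(Packet("tcp", FRIEND, 25, "local", "eth0"), SENDER_RULES, "198.51.100.1")
    arrived = nat_destination(Packet("tcp", out[0], out[1], "wire", "eth0"), FRIEND_RULES, FRIEND)
    return out, arrived
```

On a real box, `iptables -t nat -L OUTPUT -n -v` shows per-rule packet counters, which is a quick way to confirm the OUTPUT rule is being hit.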