On Jan 31, 2008 1:59 PM, Raul Gil <[EMAIL PROTECTED]> wrote:
>
> I want to redirect all traffic with destination host A (82.xx.xx.xx) port
> (xxxx) to host B (87.yy.yy.yy) port (xxxx).
>
> /sbin/iptables -t nat -A PREROUTING -p tcp -m tcp -d 82.xx.xx.xx --dport
> xxxx -j DNAT --to-destination 87.yy.yy.yy
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 87.yy.yy.yy
> --dport xxxx -j SNAT --to-source 82.xx.xx.xx
These translate into one DNAT rule in the rules file, and one line in
the masq file respectively.

Basically, the issue is that the packet will return directly to the
public IP which is the source of the packet, which is not what you want.
So you need to DNAT to change the destination, and you need to SNAT so
that the packet returns to the original source via our DNAT mapping.

Prasanna.

--
www.elinanetworks.com
Seamless, secure delivery of applications.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
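
The address rewriting discussed in this thread, traced as an added example (not part of the original messages, and not Shorewall or netfilter code). It is a toy model of host A that compares the reply path with and without the SNAT rule. The addresses, port and all names are constructed, and it assumes host B does not route its replies through host A.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addresses (the post elides the real ones).
CLIENT, HOST_A, HOST_B, PORT = "198.51.100.7", "192.0.2.10", "203.0.113.20", 8080


class NatBox:
    """Toy model of host A: DNAT in PREROUTING, optional SNAT in POSTROUTING."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # translated flow as B sees it -> original packet

    def forward(self, pkt):
        out = pkt._replace(dst=HOST_B)        # DNAT --to-destination B
        if self.snat:
            out = out._replace(src=HOST_A)    # SNAT --to-source A
        self.conntrack[out] = pkt
        return out

    def reverse(self, reply):
        # Undo NAT on a reply by matching it to a tracked flow.
        key = Packet(reply.dst, reply.dport, reply.src, reply.sport)
        orig = self.conntrack[key]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def reply_seen_by_client(snat):
    """Return the reply packet that finally reaches the client."""
    nat = NatBox(snat)
    request = Packet(CLIENT, 40000, HOST_A, PORT)
    at_b = nat.forward(request)
    # B answers whatever source address it saw on the request.
    reply = Packet(at_b.dst, at_b.dport, at_b.src, at_b.sport)
    if reply.dst == HOST_A:
        return nat.reverse(reply)   # reply passes back through A, NAT undone
    return reply                    # reply goes straight to the client, bypassing A


def client_accepts(reply):
    # The client's TCP stack only matches replies from the address it connected to.
    return reply.src == HOST_A and reply.sport == PORT and reply.dst == CLIENT
```

With DNAT alone the client receives a reply sourced from host B, which matches no connection it opened; with both rules the reply returns through host A and arrives with A's address restored.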
