On Fri, 2004-02-20 at 09:49, Phil Scarratt wrote:
> Peter Rundle wrote:
> > Sluggers,
> >
> > I'm D'nating access to my web server via my Linux Gateway with this
> > statement.
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 172.16.0.148
> >
> > This works great as long as the default gateway on the web server
> > (172.16.0.148) points to the Linux Gateway.
> >
> > However, I need to set the default gateway of the web server to
> > somewhere else (an alternate internet connection). When I do this the
> > reply packets never make it back to the gateway, and I have an asymmetric
> > routing situation (Kinda as expected really).
> >
> > My question is:
> >
> > Is there a complementary iptables statement that I can use to SNAT the
> > inbound packet so that the web server sees the source as the Linux
> > gateway, hence the packet is returned there, whereupon it is readdressed
> > back to the real originating client in the outside world?

Yes, surprisingly enough it's 'SNAT'. I suggest you use a mark rule in the mangle table to mark the packet before DNAT and SNAT, then DNAT & SNAT based on the fwmark.

Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
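
The approach suggested in the reply above, written out as an added example that is not part of the original messages: mark in the mangle table, then DNAT and SNAT on the fwmark. The interface, port and web server address come from the thread; the gateway's LAN address 172.16.0.1, the mark value 1 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: mark-based DNAT + SNAT on the Linux gateway.
# From the thread: eth0, TCP port 80, web server 172.16.0.148.
# Assumed (not in the thread): gateway LAN address 172.16.0.1, mark value 1.
EXT_IF="${EXT_IF:-eth0}"
WEB_IP="${WEB_IP:-172.16.0.148}"
GW_LAN_IP="${GW_LAN_IP:-172.16.0.1}"   # assumption
MARK="${MARK:-1}"                      # assumption: any otherwise unused mark

# Loose dotted-quad check so a bad value never reaches the iptables command line.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the three rules, one per line, in the order a packet meets them.
nat_rules() {
    # 1. mangle/PREROUTING runs before nat/PREROUTING: tag inbound web traffic
    #    while the input interface and original destination port are visible.
    echo "iptables -t mangle -A PREROUTING -i $EXT_IF -p tcp --dport 80 -j MARK --set-mark $MARK"
    # 2. nat/PREROUTING: send marked packets to the web server.
    echo "iptables -t nat -A PREROUTING -p tcp -m mark --mark $MARK -j DNAT --to-destination $WEB_IP"
    # 3. nat/POSTROUTING: make the gateway the source, so the web server
    #    replies to the gateway whatever its own default route is.
    echo "iptables -t nat -A POSTROUTING -p tcp -m mark --mark $MARK -j SNAT --to-source $GW_LAN_IP"
}

# Dry run by default (prints the rules); APPLY=1 as root installs them.
install_rules() {
    is_ipv4 "$WEB_IP" && is_ipv4 "$GW_LAN_IP" || { echo "bad address" >&2; return 1; }
    nat_rules | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule || exit 1
        else
            echo "$rule"
        fi
    done
}

install_rules
```

With the SNAT rule in place the web server's access logs record the gateway's address as the client for every request, so per-client source addresses have to be taken from the gateway (for example its conntrack or firewall logs) instead.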
