On Tuesday 30 July 2002 2:51 pm, Simon Waters wrote:

> Currently 2.2 Kernel and using IP masquerading on 1.2.3.4. I think 2.4 will do this, I've no idea how, can 2.2 do it? I'll want to log it as well.
2.4 can for sure, i have no idea anymore about 2.2, it's been so long since i've used it (2.2 is sadly lacking in many of the vital network features i need to use these days). so this is how it's done in 2.4... you are best to use destination NAT'ting, which alters the dst header and sends it out on another interface. there is a limit on this in the current 2.4 series, but see [1].
I think the conversation goes something like this.....
*snip*

using DNAT would not change the source address, only the destination, so it would go:

  6.6.6.6:1025 in eth0      -> 1.2.3.4:25
  6.6.6.6:1025 out eth1 [1] -> 5.6.7.8:25

then

  5.6.7.8:25 in eth1  -> 6.6.6.6:1025
  5.6.7.8:25 out eth0 -> 6.6.6.6:1025

so that translates in iptables to:

  iptables -t nat -I PREROUTING -s 6.6.6.6 -d 1.2.3.4 -i eth0 -p tcp --dport 25 \
      -j DNAT --to-destination 5.6.7.8:25

any other connections will just fall through, and end up on 1.2.3.4's MTA.

hope i understood the question right ;)

~ Theo

[1] - now the problem here is netfilter can't currently NAT local to/from local src/dst. there is a patch in the pom (patch-o-matic) called IP_CONNTRACK_LOCAL that allows this, and it's already in the 2.4.19-pre iirc. when you build your kernel, cd into the iptables source and type "./pom newnat".

-- 
Theo Zourzouvillys
http://zozo.org.uk/

Q: What do they call the alphabet in Arkansas?
A: The impossible dream.

-- 
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
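The packet walk Theo sketches, as an added example that is not part of the original thread: a small Python model of a netfilter box applying that DNAT rule with connection tracking. `Packet`, `DnatRule` and `NatBox` are constructed names and the addresses are the ones from the message. Beyond the destination rewrite, the model shows what conntrack does with the reply (its source is restored to 1.2.3.4:25, so the client keeps talking to the address it connected to) and records each newly translated flow, which is the point where a LOG target would cover the logging Simon asked about.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str    # "ip:port"
    dst: str    # "ip:port"
    iface: str  # interface the packet arrived on


@dataclass(frozen=True)
class DnatRule:
    src_ip: str    # -s
    dst: str       # -d ip plus --dport, as "ip:port"
    in_iface: str  # -i
    to: str        # --to-destination "ip:port"


class NatBox:
    """Toy model of a netfilter box doing DNAT with connection tracking.

    Constructed for illustration, not kernel code.  The first packet of a new
    flow is matched against the rules, the mapping is remembered, later packets
    reuse it, and replies are un-translated on their way back to the client.
    """

    def __init__(self, rules):
        self.rules = list(rules)
        self.forward = {}  # (src, original dst) -> translated dst
        self.reply = {}    # (reply src, reply dst) -> original dst to restore
        self.log = []      # one entry per new DNAT'd flow (where LOG would fit)

    def translate(self, pkt):
        """Return the packet as it leaves the box, or None when no rule matches
        and it falls through to the local MTA."""
        if (pkt.src, pkt.dst) in self.reply:              # reply of a tracked flow
            return replace(pkt, src=self.reply[(pkt.src, pkt.dst)])
        if (pkt.src, pkt.dst) in self.forward:            # later packet of a flow
            return replace(pkt, dst=self.forward[(pkt.src, pkt.dst)])
        for r in self.rules:                              # new flow: PREROUTING
            if (pkt.src.split(":")[0], pkt.dst, pkt.iface) == (r.src_ip, r.dst, r.in_iface):
                self.forward[(pkt.src, pkt.dst)] = r.to
                self.reply[(r.to, pkt.src)] = pkt.dst
                self.log.append(f"DNAT {pkt.src} -> {pkt.dst} rewritten to {r.to}")
                return replace(pkt, dst=r.to)
        return None


if __name__ == "__main__":
    box = NatBox([DnatRule("6.6.6.6", "1.2.3.4:25", "eth0", "5.6.7.8:25")])
    print(box.translate(Packet("6.6.6.6:1025", "1.2.3.4:25", "eth0")))
    print(box.translate(Packet("5.6.7.8:25", "6.6.6.6:1025", "eth1")))
    print(box.translate(Packet("9.9.9.9:4000", "1.2.3.4:25", "eth0")))
```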