a few questions

Paul Rusty Russell Paul.Russell@linuxcare.com.au
Mon, 29 Nov 1999 09:09:54 +1100


In message <Pine.LNX.4.05.9911242151350.31427-100000@srv1.ecropolis.com> you write:
> ipnatctl -F
> 
> ipnatctl -I -s 10.0.0.0/24 -o eth0 -b source -m masquerade
> ipnatctl -I -d 1.2.3.4 -p tcp --dport 80 -b dest -t 10.0.0.4 --to-port 80
> ipnatctl -I -d 1.2.3.5 -p tcp --dport 25 -b dest -t 10.0.0.10 --to-port 25
> ipnatctl -I -d 1.2.3.5 -p tcp --dport 110 -b dest -t 10.0.0.10 --to-port 110
> ipnatctl -I -d 1.2.3.6 -p tcp --dport 25 -b dest -t 10.0.0.4 --to-port 25
> 
> So why can't 10.0.0.4 go to 1.2.3.6 25?

BTW, you can skip the --to-port args here (destination ports won't
change unless you specify it).

What do you want to happen when 10.0.0.4 tries to go to 1.2.3.6:25?
Do you want it to really hit 1.2.3.6's port, or come back to itself?

[Note: untested examples ahead.]

Really hit: (tell it not to map those connections).

	ipnatctl -I -d 10.0.0.0/24 -s 10.0.0.0/24 -b dest -m null
OR
	Specify -i eth0 in your ipnatctl -b dest rules.

Come back: (need to masquerade those packets coming from inside which
	have destination altered as above):

	ipnatctl -I -d 10.0.0.4 -s 10.0.0.0/24 -i eth1 -p tcp --dport 80 -b source -m masquerade
	ipnatctl -I -d 10.0.0.10 -s 10.0.0.0/24 -i eth1 -p tcp --dport 25 -b source -m masquerade
	ipnatctl -I -d 10.0.0.10 -s 10.0.0.0/24 -i eth1 -p tcp --dport 110 -b source -m masquerade
	ipnatctl -I -d 10.0.0.4 -s 10.0.0.0/24 -i eth1 -p tcp --dport 25 -b source -m masquerade

> Thanks.  Sorry, this is beginner material.  The docs seem incomplete in
> the examples area.

You're right, they are.  This is a classic case which should be
well documented...

Rusty.
--
Hacking time.
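The hairpin case in this exchange (an inside host connecting to one of the gateway's public addresses that is mapped back inside) is easy to reason about with a small model of the rule table. The following is an added illustration, not ipnatctl or netfilter code from the list or from Rusty: a first-match table with "dest" and "source" bindings, run over a SYN and the server's answer, to show where the answer ends up with the rules as posted, with `-i eth0` added to the dest rules ("really hit"), and with the extra masquerade rules ("come back"). The gateway's eth1 address 10.0.0.1, the outside client 5.6.7.8, and the assumption that `-I` inserts at the head of the table (so the last command typed matches first) are all assumptions of the example.

```python
"""Constructed model of the hairpin NAT case in the reply above.

Added illustration, not ipnatctl or kernel code: a first-match rule table
with "dest" and "source" bindings, applied to a SYN and to the server's
answer, to show where the answer goes with the rules as posted and after
each of the two fixes.
"""
import ipaddress

# Layout assumed from the thread: eth0 is the public side holding 1.2.3.4-6,
# eth1 is the 10.0.0.0/24 side.  10.0.0.1 as eth1's address and 5.6.7.8 as an
# outside client are assumptions for the example.
INSIDE = ipaddress.ip_network("10.0.0.0/24")
IFACE_ADDR = {"eth0": "1.2.3.4", "eth1": "10.0.0.1"}
GATEWAY_ADDRS = {"1.2.3.4", "1.2.3.5", "1.2.3.6", "10.0.0.1"}


def route(dst):
    """Outgoing interface for an address: the inside prefix via eth1, the rest via eth0."""
    return "eth1" if ipaddress.ip_address(dst) in INSIDE else "eth0"


def rule(binding, action, **match):
    """One rule.  binding is 'source' or 'dest'; action is 'masquerade', 'null',
    or (for dest rules) the address the destination is rewritten to.
    Match keys: src, dst (host or CIDR), dport, iface_in, iface_out."""
    return {"binding": binding, "action": action, "match": match}


def matches(r, pkt):
    m = r["match"]
    for key in ("src", "dst"):
        if key in m and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(m[key], strict=False):
            return False
    if "dport" in m and m["dport"] != pkt["dport"]:
        return False
    if "iface_in" in m and m["iface_in"] != pkt["iface_in"]:
        return False
    # -o is judged on the destination after any dest mapping has run
    if "iface_out" in m and m["iface_out"] != route(pkt["dst"]):
        return False
    return True


def apply_binding(rules, binding, pkt):
    """First matching rule of this binding wins; rules[0] is the head of the table."""
    for r in rules:
        if r["binding"] != binding or not matches(r, pkt):
            continue
        if r["action"] == "null":
            return pkt
        if r["action"] == "masquerade":
            return {**pkt, "src": IFACE_ADDR[route(pkt["dst"])]}
        return {**pkt, "dst": r["action"]}
    return pkt


def reply_source(rules, src, dst, dport, iface_in="eth1"):
    """Run a SYN through dest then source binding and return the address the
    client sees the SYN/ACK coming from."""
    syn = {"src": src, "dst": dst, "dport": dport, "iface_in": iface_in}
    fwd = apply_binding(rules, "dest", syn)
    if fwd["dst"] in GATEWAY_ADDRS:
        return fwd["dst"]            # delivered to the gateway's own stack
    fwd = apply_binding(rules, "source", fwd)
    # The server answers whatever source it saw.  If that is on its own LAN
    # and not the gateway, the answer goes straight there and the gateway
    # never gets to reverse its mappings; otherwise it comes back through.
    if fwd["src"] != IFACE_ADDR["eth1"] and route(fwd["src"]) == "eth1":
        return fwd["dst"]
    return dst


def connection_works(rules, src, dst, dport, iface_in="eth1"):
    """The client only accepts a SYN/ACK from the address it connected to."""
    return reply_source(rules, src, dst, dport, iface_in) == dst


# The table from the question.  Assuming ipnatctl -I puts a rule at the head,
# the last command typed matches first; the list is written in match order.
ORIGINAL = [
    rule("dest", "10.0.0.4", dst="1.2.3.6", dport=25),
    rule("dest", "10.0.0.10", dst="1.2.3.5", dport=110),
    rule("dest", "10.0.0.10", dst="1.2.3.5", dport=25),
    rule("dest", "10.0.0.4", dst="1.2.3.4", dport=80),
    rule("source", "masquerade", src="10.0.0.0/24", iface_out="eth0"),
]

# "Really hit": -i eth0 on every dest rule, so inside clients are not mapped.
REALLY_HIT = [
    {**r, "match": {**r["match"], "iface_in": "eth0"}} if r["binding"] == "dest" else r
    for r in ORIGINAL
]

# "Come back": masquerade the inside-to-inside packets whose destination was
# just rewritten, so the server answers the gateway instead of the client.
COME_BACK = [
    rule("source", "masquerade", src="10.0.0.0/24", dst="10.0.0.4", dport=80, iface_in="eth1"),
    rule("source", "masquerade", src="10.0.0.0/24", dst="10.0.0.10", dport=25, iface_in="eth1"),
    rule("source", "masquerade", src="10.0.0.0/24", dst="10.0.0.10", dport=110, iface_in="eth1"),
    rule("source", "masquerade", src="10.0.0.0/24", dst="10.0.0.4", dport=25, iface_in="eth1"),
] + ORIGINAL

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("really hit", REALLY_HIT), ("come back", COME_BACK)):
        print(name, "| outside 5.6.7.8 sees", reply_source(table, "5.6.7.8", "1.2.3.6", 25, "eth0"),
              "| inside 10.0.0.4 sees", reply_source(table, "10.0.0.4", "1.2.3.6", 25))
```

With the posted table, an outside client gets its SYN/ACK from 1.2.3.6 as expected, but 10.0.0.4 (or any other inside host) has its SYN rewritten to 10.0.0.4 with the inside source left alone, so the server answers the client directly from 10.0.0.4 and the client, which connected to 1.2.3.6, discards it. The "really hit" variant keeps inside traffic off the dest mapping entirely, so it reaches the gateway's own 1.2.3.6:25; the "come back" variant masquerades the rewritten packet as 10.0.0.1, which forces the server's answer back through the gateway where both mappings are reversed.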