ipnatctl: exclude addresses

Paul Rusty Russell Paul.Russell@rustcorp.com.au
Fri, 24 Sep 1999 11:18:40 +0930


In message <19990922211843.A1352@vergenet.net> you write:
> Hi,
>   I am looking to use ipnatctl to redirect port 80 traffic to port
> 8080 on a proxy server. So I put in a rule along the lines of:
> 
> /sbin/ipnatctl -I -p tcp -d 0.0.0.0/0 --dport 80 -b dest -t 10.21.64.19 --to-port 8080
> 
> Problem is that the proxy server's outbound traffic has to
> travel through this router too and this rule will
> basically redirect the proxy's retrieval attempts back to
> itself. Right?

Hi Horms,

Yes.  So put in a null NAT rule for local traffic:

# Like normal
/sbin/ipnatctl -I -p tcp --dport 80 -b dest -t 10.21.64.19 --to-port 8080
# Null src mapping rule
/sbin/ipnatctl -I -p tcp -s [ifaddr] --dport 80 -b source -t [ifaddr]

As you say, I should really put a null hack in the ipnatctl code.  But
how to make it neat...

Rusty.
--
Hacking time.