ipnatctl: exclude addresses
Paul Rusty Russell
Paul.Russell@rustcorp.com.au
Fri, 24 Sep 1999 11:18:40 +0930
In message <19990922211843.A1352@vergenet.net> you write:
> Hi,
> I am looking to use ipnatctl to redirect port 80 traffic to port
> 8080 on a proxy server. So I put in a rule along the lines of:
>
> /sbin/ipnatctl -I -p tcp -d 0.0.0.0/0 --dport 80 -b dest -t 10.21.64.19 --to-port 8080
>
> Problem is that the proxy server's outbound traffic has to
> travel through this router too and this rule will
> basically redirect the proxy's retrieval attempts back to
> itself. Right?

Hi Horms,

Yes. So put in a null NAT rule for local traffic:

# Like normal
/sbin/ipnatctl -I -p tcp --dport 80 -b dest -t 10.21.64.19 --to-port 8080
# Null src mapping rule
/sbin/ipnatctl -I -p tcp -s [ifaddr] --dport 80 -b source -t [ifaddr]

As you say, I should really put a null hack in the ipnatctl code. But
how to make it neat...

Rusty.
--
Hacking time.
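
Added example, not part of the original message and not ipnatctl code: a small Python model of the redirect loop discussed in this thread and of the exclusion that breaks it. It assumes simplified first-match rule evaluation and that the excluded source is the proxy's own address; the Packet/Rule types, the client address and the 192.0.2.10 origin server are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

PROXY = "10.21.64.19"      # proxy address taken from the thread
PROXY_PORT = 8080          # proxy port taken from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    dport: int                              # destination port to match
    src: str = "0.0.0.0/0"                  # source match, CIDR notation
    to: Optional[Tuple[str, int]] = None    # new (dst, dport); None = null mapping

    def matches(self, pkt: Packet) -> bool:
        return pkt.dport == self.dport and ip_address(pkt.src) in ip_network(self.src)

def translate(rules, pkt):
    """Apply the first matching rule (assumed semantics, not ipnatctl's own)."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.to is None:             # null mapping: leave the packet as it is
                return pkt
            return replace(pkt, dst=rule.to[0], dport=rule.to[1])
    return pkt                              # no rule matched

def loops_back(rules, pkt):
    """True when a packet sent by the proxy is translated back to the proxy."""
    return pkt.src == PROXY and translate(rules, pkt).dst == PROXY

REDIRECT = Rule(dport=80, to=(PROXY, PROXY_PORT))   # port 80 -> proxy:8080
EXCLUDE = Rule(dport=80, src=PROXY + "/32")         # null mapping for the proxy

# Constructed sample traffic: a client request and the proxy's upstream fetch.
CLIENT_REQ = Packet(src="10.21.64.50", dst="192.0.2.10", dport=80)
PROXY_FETCH = Packet(src=PROXY, dst="192.0.2.10", dport=80)

if __name__ == "__main__":
    cases = (("redirect only", [REDIRECT]),
             ("exclusion first", [EXCLUDE, REDIRECT]),
             ("exclusion last", [REDIRECT, EXCLUDE]))
    for name, rules in cases:
        print(name, translate(rules, CLIENT_REQ), "loop:", loops_back(rules, PROXY_FETCH))
```

In this model the exclusion only helps when it is evaluated before the redirect; placed after it, the proxy's fetch is still sent back to the proxy.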