NAT in OUTPUT CHAIN
Henrik Nordstrom
hno@marasystems.com
Tue, 10 Jul 2001 15:08:43 +0200
NAT for locally originated connections is broken at the moment (not
implemented).
Have a patch to implement the missing pieces. See netfilter-devel archives
(also available on request).
--
Henrik Nordstrom
MARA Systems
Edilson Carlos Belluomini wrote:
> Hello everybody
>
> I tried to use NAT in OUTPUT chains, but it doesn't work.
>
> I used the following commands:
>
> #re-route external traffic from internet webserver IP address to internal address
> iptables -t nat -A PREROUTING -p tcp -d $webip --dport 80 -j DNAT --to 192.168.0.1:80
> #packets from internal web server are SNATed to its internet IP.
> iptables -t nat -A POSTROUTING -s 192.168.0.1 -o $extint -j SNAT --to $webip
> #re-route internal traffic to internal web-server as coming from the external Linux IP address
> iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.0/24 -j SNAT --to $extip
> #re-route linux box traffic
> iptables -t nat -A OUTPUT -p tcp -d $webip --dport 80 -j DNAT --to 192.168.0.1:80
>
> where $webip is the internet address of my web server, and 192.168.0.1 is the
> real address of my web server.
>
> Everything except the OUTPUT chains works fine.
>
> Is there anybody that can help me?
>
> Thank You
>
> Edilson Carlos Belluomini
> edilson@hrcnet.com.br
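
Packets generated on the NAT box itself traverse the nat OUTPUT chain and never reach PREROUTING, which is why the quoted ruleset carries a separate OUTPUT rule for the Linux box's own traffic. The following check is an added example, not code from either poster: it reads `iptables-save` text and lists PREROUTING DNAT rules that have no matching OUTPUT rule. The function names, the sample ruleset, the interface `eth0` and the address 203.0.113.10 (standing in for `$webip`) are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the thread): find DNAT rules that only cover
# forwarded/incoming traffic and would be skipped by locally generated packets.

# Constructed sample in iptables-save format; 203.0.113.10 stands in for $webip.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:80
-A POSTROUTING -s 192.168.0.1/32 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads iptables-save text on stdin. Prints the match/target part of every
# nat PREROUTING DNAT rule for which no identical nat OUTPUT rule exists.
# Assumption: "-i <iface>" is dropped before comparing, because OUTPUT rules
# cannot match on an input interface. Negated "! -i" matches are not handled.
missing_output_dnat() {
    awk '
        /^\*/          { table = substr($1, 2) }   # table header, e.g. "*nat"
        table != "nat" { next }                    # only the nat table matters
        $1 == "-A" && /-j DNAT/ {
            chain = $2
            spec = $0
            sub(/^-A [^ ]+ /, "", spec)            # drop "-A <chain> "
            gsub(/-i [^ ]+ /, "", spec)            # drop input-interface match
            if (chain == "PREROUTING")  pre[++n] = spec
            else if (chain == "OUTPUT") out[spec] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(pre[i] in out)) print pre[i]
        }
    '
}

# Run against the constructed sample; on a live system pipe iptables-save in.
sample_ruleset | missing_output_dnat
```
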