DNAT again
Brad Chapman
kakadu@earthlink.net
Fri, 27 Jul 2001 07:57:40 -0400
Mr. Scharf,
See the Linux 2.4 NAT HOWTO in Rusty's Remarkably Unreliable Guides at
netfilter.gnumonks.org/unreliable-guides/. See section 10: `Destination
NAT Onto The Same Network'.
Brad
Harald Scharf wrote:
> Yesterday, I made a post to this list about strange DNAT Problems.
> Because there came no answer, I took a sniffer and tracked the IP flow
> through our network and found something interesting.
>
> The Problem was:
> DNAT worked fine from the Internet (external), but if a request came from
> the internal Network, the Translation Failed.
>
> If the IP request comes from the Internet (external), then DNAT worked
> perfectly all the time -->
>
> tcpdump on the NAT Server :
> timestamp . SOURCE IP.PORT -> NAT_SERVER.IP.PORT
>
> tcpdump on the Web Server :
> timestamp. SOURCE.IP.PORT -> WWW.SERVER.IP.PORT
>
> but....
>
> if the Request comes from my private Network, the tcpdump was like :
>
> timestamp. CLIENT.IP.PORT -> NAT_SERVER_PORT.
>
> I tried to put the DNAT Rule to the OUTPUT Nat Chain, but the packet never
> passed this one (it's for local routing purpose only, I think).
>
> And if I had a look at the packet Counter of the PREROUTING Chain, the
> Packet definitively passed the PREROUTING DNAT Rule,
> but the Packet could never come back, because of the wrong dest.ip Address.
>
> So I took the rinetd Package from boutell and look: Perfect Port forwarding
> without any Problems (internal and external)
>
> Any ideas?
>
> web server
> Harald Scharf
> Intel Certified Integration Specialist Networking
> Softpoint electronic
> Netzwerksysteme / Firewalls
> Bricks Core Development
> mailto:h.scharf@softpoint.at
> www.bricks.at
> www.softpoint.at
>
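Added example, not part of either message and not code from the NAT HOWTO: a small Python model of the case the HOWTO section covers, tracing why DNAT alone fails for a client on the web server's own LAN and how an extra SNAT rule on the NAT box repairs it. All addresses are constructed samples, and the model assumes the web server uses the NAT box as its default gateway.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses (assumptions, not taken from the thread).
LAN = ip_network("192.168.1.0/24")
NAT_EXT = "203.0.113.10"    # public address that clients connect to
NAT_INT = "192.168.1.250"   # NAT box's LAN-side address
WEB = "192.168.1.1"         # real web server behind the NAT box
CLIENT = "192.168.1.77"     # internal client on the same LAN as WEB
OUTSIDE = "198.51.100.5"    # external client

# Rules being modelled (iptables syntax, sample addresses):
#   -t nat -A PREROUTING  -d 203.0.113.10 -p tcp --dport 80 \
#       -j DNAT --to-destination 192.168.1.1
#   -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.1 -p tcp --dport 80 \
#       -j SNAT --to-source 192.168.1.250        (only when hairpin_snat=True)

def connect(client, hairpin_snat):
    """Trace one request to NAT_EXT:80 and its reply; return (accepted, hops)."""
    src, dst = client, NAT_EXT
    hops = [("client->nat", src, dst)]
    # PREROUTING DNAT: conntrack records the original tuple, then rewrites dst.
    conntrack = {"orig_src": src, "orig_dst": dst}
    dst = WEB
    # POSTROUTING SNAT: LAN-sourced packets now appear to come from the NAT box.
    if hairpin_snat and ip_address(src) in LAN:
        src = NAT_INT
    hops.append(("nat->web", src, dst))
    # The web server answers whatever source address it saw.
    r_src, r_dst = WEB, src
    if r_dst == NAT_INT or ip_address(r_dst) not in LAN:
        # The reply crosses the NAT box, so conntrack undoes every rewrite.
        r_src, r_dst = conntrack["orig_dst"], conntrack["orig_src"]
        hops.append(("web->nat->client", r_src, r_dst))
    else:
        # Same subnet: delivered directly on the LAN and never de-NATed.
        hops.append(("web->client direct", r_src, r_dst))
    # The client's TCP stack only accepts a reply from the address it dialled.
    return (r_src, r_dst) == (NAT_EXT, client), hops

if __name__ == "__main__":
    for who, snat in [(OUTSIDE, False), (CLIENT, False), (CLIENT, True)]:
        ok, hops = connect(who, snat)
        print(f"{who} hairpin_snat={snat}: {'OK' if ok else 'reply rejected'}")
        for label, s, d in hops:
            print(f"    {label:20} {s} -> {d}")
```

The failing trace shows the reply arriving at the client with the web server's address as source, which matches no connection the client opened.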