Can anyone tell me how to do this?
Dominic Iadicicco
sctylib2004 at yahoo.com
Wed Sep 22 16:45:18 CEST 2004
Eric:
Where should I put this?
"iptables -A POSTROUTING -t nat -d 172.16.12.212 -p tcp --dport 22 \
-j SNAT --to 172.16.12.130"
Should that command also be executed on the same
machine as the previous one?
Thanks
Dom
--- Eric Leblond <eric at inl.fr> wrote:
> On Wed, 2004-09-22 at 16:09, Dominic Iadicicco wrote:
> > Hello all,
> > My devil-Box is at 172.16.12.130 and I want all ssh
> > requests to this .130 address to go to address
> > 172.16.12.212.
>
> go to: it's the easy part:
> iptables -A PREROUTING -t nat -d 172.16.12.130 -p tcp --dport 22 \
> -j DNAT --to 172.16.12.212
>
> Well, that's for the "go to". But let's say A tries to connect
> to 172.16.12.130; then 172.16.12.212 receives a connection
> from 1 and answers to A, which waits for an answer from
> 172.16.12.130. Bad day for him.
> The solution is to change the source address of packets going
> to 172.16.12.212:
> iptables -A POSTROUTING -t nat -d 172.16.12.212 -p tcp --dport 22 \
> -j SNAT --to 172.16.12.130
>
> Thus we have the following:
> A talks to 172.16.12.130
> packet arrives at 172.16.12.212 with source 172.16.12.130
> packet returns to 172.16.12.130,
> which re-emits it to A.
>
> BR,
> --
> Eric Leblond <eric at inl.fr>
> INL
>
>
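
The packet flow described in the quoted reply, as an added example that is not part of the original thread: a small Python model of the gateway's DNAT and SNAT rewrites showing why the reply only reaches the client correctly when both rules are in place. The client address 172.16.12.50, the source port 40000, and the assumption that all three hosts share one subnet are not from the thread.

```python
from dataclasses import dataclass, replace

CLIENT = "172.16.12.50"    # host "A"; this address is an assumption
GATEWAY = "172.16.12.130"  # box carrying the nat rules
SERVER = "172.16.12.212"   # host that really runs sshd

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def gateway_forward(pkt, snat, conntrack):
    """PREROUTING DNAT, then optional POSTROUTING SNAT, on the gateway."""
    out = replace(pkt, dst=SERVER)        # -j DNAT --to 172.16.12.212
    if snat:
        out = replace(out, src=GATEWAY)   # -j SNAT --to 172.16.12.130
    # conntrack: the reply we expect to see -> what it is rewritten to
    expected_reply = Packet(out.dst, out.dport, out.src, out.sport)
    conntrack[expected_reply] = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return out

def connect(snat):
    """Return (source address the client sees in the reply, outcome)."""
    conntrack = {}
    syn = Packet(CLIENT, 40000, GATEWAY, 22)  # constructed sample packet
    at_server = gateway_forward(syn, snat, conntrack)
    # The server answers whoever the packet appears to come from.
    reply = Packet(SERVER, 22, at_server.src, at_server.sport)
    if reply.dst == GATEWAY:
        # The reply passes through the gateway again, so NAT is undone.
        reply = conntrack[reply]
    # Otherwise the reply goes straight to the client on the shared
    # subnet and the gateway never gets a chance to rewrite it.
    ok = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return reply.src, "established" if ok else "reset by client"

if __name__ == "__main__":
    for snat in (False, True):
        print("DNAT+SNAT" if snat else "DNAT only", connect(snat))
```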