Problem with DNAT from localhost to LAN via loopback
opie at 817west.com
Thu Apr 14 22:19:28 CEST 2005
On Thu, Apr 14, 2005 at 10:01:14PM +0200, Charles Delorme wrote:
> Thank you for that tip. Are there any side effects for this compilation
> directive?

not that i'm aware of. i suppose if you want to split hairs, you're
forcing locally-generated packets to traverse an additional netfilter
hook. dunno that i would be concerned about that though.

> I'm not sure I understand what kind of rule I need to add in the OUTPUT
> chain. Should I copy the kind of rule I have in the PREROUTING table?

probably. something like:

    iptables -t nat -A OUTPUT -p tcp -d $EXT_IP --dport 3739 \
        -j DNAT --to-destination 192.168.38.9:3739

the result being that when the firewall tries to connect to its own
external IP on TCP port 3739, the connection gets DNAT-ed to the 38.9
machine--which i *think* is what you were after.
"Stewie: Careful! You're washing a baby's scalp, not scrubbing the vomit
out of a Christmas dress, you stupid holiday drunk."