DNAT - newbie question

curby . curby.public at gmail.com
Wed Aug 3 22:55:20 CEST 2005


On 7/28/05, Dharanikanth Dugginni <dharanikanthd at gmail.com> wrote:
> Let's suppose a host h1 is sending packets to addr N1 (this is the addr
> for NAT box).  I want to change this addr to a different addr which
> will not be known until after few packets arrive from h1 to n1.
> (Appears from the conntrack and NAT tables documentation that after
> the first packet, the DNAT table will not be used any more).  Is there
> a way to force subsequent packets in the same stream to always use
> the DNAT table?

Are you using stateful rules?  If not, your DNAT rule handles packets
heading to N1, and NAT code transparently deals with packets heading
the other way.  If you are using an ESTABLISHED state-matching rule,
then only the first packet matches the DNAT rule, and then the
state-matching rule allows subsequent packets through, while NAT still
happens in the background.  At least I think so. =)
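The interplay the reply describes, as an added example that is not part of the original post or the netfilter project: a small ruleset where the nat-table DNAT rule is hit only by the first packet of a connection and conntrack carries the rewrite for the rest, with the filter rules only accepting the NEW packet and ESTABLISHED,RELATED traffic. The addresses, the `dnat_rules` function and the `IPT` variable are constructed for this example; the `--ctstate` match is from the stock conntrack module.

```shell
#!/bin/sh
# Added example (not from the list post). Illustrates the reply above:
# the DNAT rule in the nat table is consulted only for the first packet
# of a connection; conntrack records the mapping and applies it to every
# later packet of that stream, so the filter rules only need to accept
# the NEW packet and let ESTABLISHED,RELATED through.
# Addresses are constructed placeholders: N1 is the NAT box's public
# address, REAL is the host the traffic is actually handed to.
set -eu

# Set IPT=echo to print the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"

# dnat_rules N1 REAL PORT
dnat_rules() {
    n1="$1"; real="$2"; port="$3"

    # 1. nat/PREROUTING: seen only by the first packet of each new
    #    connection destined to N1:PORT; conntrack stores the rewrite.
    "$IPT" -t nat -A PREROUTING -p tcp -d "$n1" --dport "$port" \
        -j DNAT --to-destination "$real:$port"

    # 2. filter/FORWARD runs after nat/PREROUTING, so the first packet
    #    already carries the rewritten destination: match REAL, not N1.
    "$IPT" -A FORWARD -p tcp -d "$real" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT

    # 3. Every later packet in either direction is ESTABLISHED (or
    #    RELATED); NAT is applied from the conntrack entry without
    #    revisiting the nat table.
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Usage:  dnat_rules 198.51.100.1 192.0.2.10 22
# The recorded mapping can be inspected afterwards with:  conntrack -L
```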
