Forwarding packets on same interface (echoing)
jtmoore at international-auto.com
Fri Aug 12 18:40:36 CEST 2005
The following will work if you want the packets coming to 188.8.131.52 to be redirected to 10.10.1.2
iptables -t nat -A PREROUTING -i eth1 -d 184.108.40.206 -p udp --dport 30000:32000 -j DNAT --to-destination 10.10.1.2
If you want the reply from 10.10.1.2 to be change to look like it came from 220.127.116.11 you have two choices based on your network setup
1. 10.10.1.2 routes its replies through the same machine using iptables to do the DNAT above. This makes life simple because the iptables machine will track the DNAT connection and change the source address in the replies from 10.10.1.2 back to 18.104.22.168 automatically
2. Run iptables on 10.10.1.2 or another machine between 10.10.1.2 and the clients and SNAT responses to the client from 10.10.1.2 to 22.214.171.124. This can potentially get complicated and ugly, but it can be done
----- Original Message -----
From: "Martin van den Berg" <martinvdberg at gmail.com>
To: <netfilter at lists.netfilter.org>
Sent: Friday, August 12, 2005 7:05 AM
Subject: Forwarding packets on same interface (echoing)
I have this NAT/firewall box (debian) configured with iptables. Port
forwarding etc works fine for one exception: A need a rule that
'echoes' back udp packets if they meet the following criteria:
+ in-interface=eth1 (that's the 'private' interface)
+ destination IP is public ip-address (e.g. 126.96.36.199) (that's eth0)
+ Port range is e.g. 30000-32000
+ The packets need to be forwarded via eth0 (thus echoed) to e.g.
10.10.1.2, same port.
Hope you can help me and thanks in advance!
More information about the netfilter