How multiple PCs on private LAN possible if incoming is DNAT'd to *same* server *always*?
seberino at spawar.navy.mil
Thu Feb 3 23:59:36 CET 2005
> iptables -t nat -A PREROUTING -i $EXT_IF \
> -j DNAT --to-destination $SINGLE_SERVER_IP
> sorta. keep in mind that rules in "-t nat" are only applied to packets
> with state NEW--this is probably the piece you're missing.
Jason
I appreciate the care you've put into making strong iptables scripts
and helping people on this list. I understand your explanation
but I don't see how a newbie would have known that the iptables
rule above is to be ONLY applied to NEW state packets.
Doesn't EVERY incoming packet go through PREROUTING?? And hence,
the rule above will be applied to ALL incoming packets right?!?
I don't see any place above where it says '**this only applies
to NEW state packets**'. You must be right but I'm just wondering
how I would have figured that out on my own. :)
Chris
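
A simplified Python model of the behaviour described in the quoted reply, added here as an example (it is not part of the original thread and is not netfilter code): the nat table is walked only for the first packet of a connection, and every later packet, including replies to connections opened by LAN PCs, is translated from the stored conntrack entry. The `Gateway` class, the addresses and the masquerade rule for outbound LAN traffic are assumptions made for illustration.

```python
# Simplified model of netfilter connection tracking + NAT (constructed, not kernel code).
# Packets are (src_ip, src_port, dst_ip, dst_port); protocol and port remapping are omitted.
EXT_IP = "203.0.113.1"       # gateway's public address (constructed)
SERVER_IP = "192.168.1.10"   # stands in for $SINGLE_SERVER_IP (constructed)

class Gateway:
    def __init__(self):
        self.conntrack = {}      # tuple as seen on arrival -> rewritten tuple
        self.nat_rule_hits = 0   # packets that actually traversed the nat table

    def _nat_table(self, pkt, in_ext):
        """Consulted only for the first (NEW) packet of a connection."""
        self.nat_rule_hits += 1
        src, sport, dst, dport = pkt
        if in_ext:   # PREROUTING -i $EXT_IF -j DNAT --to-destination $SINGLE_SERVER_IP
            return (src, sport, SERVER_IP, dport)
        # Assumed POSTROUTING masquerade so LAN clients can reach the internet.
        return (EXT_IP, sport, dst, dport)

    def forward(self, pkt, in_ext):
        if pkt in self.conntrack:            # known connection: nat rules are skipped
            return self.conntrack[pkt]
        out = self._nat_table(pkt, in_ext)   # state NEW: walk the nat rules once
        self.conntrack[pkt] = out
        # Register the reply direction so replies are reverse-translated.
        o_src, o_sport, o_dst, o_dport = out
        p_src, p_sport, p_dst, p_dport = pkt
        self.conntrack[(o_dst, o_dport, o_src, o_sport)] = (p_dst, p_dport, p_src, p_sport)
        return out

def demo():
    gw = Gateway()
    # A LAN PC opens a connection to an outside web server.
    sent = gw.forward(("192.168.1.20", 40000, "198.51.100.5", 80), in_ext=False)
    # The reply arrives on the external interface but matches conntrack,
    # so the DNAT rule is never evaluated and it goes back to the PC.
    reply = gw.forward((sent[2], sent[3], sent[0], sent[1]), in_ext=True)
    # An unsolicited inbound connection is NEW, so it hits the DNAT rule.
    unsolicited = gw.forward(("198.51.100.9", 5555, EXT_IP, 80), in_ext=True)
    return reply, unsolicited, gw.nat_rule_hits

if __name__ == "__main__":
    print(demo())
```

On a real gateway, `conntrack -L` from conntrack-tools lists the equivalent entries, showing the original and reply tuples for each tracked connection.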