Unmatchable packet?
Jesse Gordon
jesseg at nikola.com
Tue Nov 22 22:28:33 CET 2005
----- Original Message -----
From: "Jesse Gordon" <jesseg at nikola.com>
> My box is running a TCP service. When another box tries to my box, my box
I meant 'When another box tries to _connect to_ my box...'
-Jesse
> responds with a reply packet.(Just like it should.)
> How do I match that (and all subsequent) reply packets so I can SNAT on
> them?
>
> I even tried:
>
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 222.222.222.222
>
> and sure enough, everything going out eth1 was 'from' 222.222.222.222
> except the reply packets to incoming connections.
>
> Also tried -t nat OUTPUT, -t mangle OUTPUT, etc.. Nothing seemed to work.
>
> Should I expect such a feat to be possible?
>
> Thanks!
>
> -Jesse
>
>
>
More information about the netfilter
mailing list