Unmatchable packet?

Nikolai Georgiev voyager123bg at gmail.com
Wed Nov 23 01:46:24 CET 2005


Jesse Gordon wrote:

> ----- Original Message ----- From: "Jesse Gordon" <jesseg at nikola.com>
>
>> My box is running a TCP service. When another box tries to my box, my
>> box
>
>
> I meant 'When another box tries to _connect to_ my box...'
>
> -Jesse
>
>> responds with a reply packet. (Just like it should.)
>> How do I match that (and all subsequent) reply packets so I can SNAT
>> on them?
>>
>> I even tried:
>>
>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 222.222.222.222
>>
>> and sure enough, everything going out eth1 was 'from' 222.222.222.222
>> except the reply packets to incoming connections.
>>
>> Also tried -t nat OUTPUT, -t mangle OUTPUT, etc.. Nothing seemed to
>> work.
>>
>> Should I expect such a feat to be possible?
>>
>> Thanks!
>>
>> -Jesse
>>
>
I think you are looking for DNAT. Yep, you want to make DNAT. Let's
suppose you have 3 machines: A, B, C; A is behind B and you are on C. You
would want to make a DNAT rule on B to A in order to initiate
connections from C to A...


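Added illustration, not code from Jesse, Nikolai or the netfilter project: a small Python model of the rule that makes Jesse's SNAT rule miss the reply packets. The nat table is consulted only for the first packet of a connection; conntrack records the mapping and applies it to later packets in the original direction and its inverse to replies. Addresses other than 222.222.222.222 are constructed, and ports are left out to keep the model short.

```python
# Toy model of netfilter NAT semantics (illustration only, not netfilter code).
# A packet is modelled as a (src, dst) pair; ports are omitted for brevity.
from typing import Dict, List, Optional, Tuple

Packet = Tuple[str, str]


class NatBox:
    def __init__(self, snat_to: Optional[str] = None,
                 dnat: Optional[Dict[str, str]] = None) -> None:
        self.snat_to = snat_to      # -t nat -A POSTROUTING -j SNAT --to <snat_to>
        self.dnat = dnat or {}      # -t nat -A PREROUTING -d KEY -j DNAT --to VALUE
        self.conntrack: List[Tuple[Packet, Packet]] = []  # (original tuple, reply tuple)

    def _find(self, pkt: Packet):
        for orig, reply in self.conntrack:
            if pkt == orig:
                return orig, reply, "original"
            if pkt == reply:
                return orig, reply, "reply"
        return None

    def process(self, pkt: Packet, direction: str) -> Packet:
        """direction: 'in' = arrives on the outside interface (PREROUTING),
        'out' = leaves via the outside interface (POSTROUTING)."""
        src, dst = pkt
        hit = self._find(pkt)
        if hit is None:
            # First packet of a new connection: the only time nat rules are evaluated.
            if direction == "in" and dst in self.dnat:
                dst = self.dnat[dst]
            elif direction == "out" and self.snat_to:
                src = self.snat_to
            # Reply tuple is the translated tuple reversed; conntrack remembers both.
            self.conntrack.append((pkt, (dst, src)))
            return src, dst
        orig, reply, way = hit
        if way == "original":
            return reply[1], reply[0]   # reuse the recorded mapping
        return orig[1], orig[0]         # reply: undo whatever was done to the original


def demo():
    # Jesse's setup: SNAT only. Constructed addresses: box 10.0.0.2, client 1.2.3.4.
    snat_only = NatBox(snat_to="222.222.222.222")
    snat_only.process(("1.2.3.4", "10.0.0.2"), "in")             # inbound SYN, no rule matches
    reply_a = snat_only.process(("10.0.0.2", "1.2.3.4"), "out")   # SYN/ACK: SNAT never consulted
    out_new = snat_only.process(("10.0.0.2", "8.8.8.8"), "out")   # box-initiated: SNAT applies
    # Nikolai's suggestion: DNAT the public address to the box, replies are un-DNATed.
    with_dnat = NatBox(snat_to="222.222.222.222", dnat={"222.222.222.222": "10.0.0.2"})
    with_dnat.process(("1.2.3.4", "222.222.222.222"), "in")
    reply_b = with_dnat.process(("10.0.0.2", "1.2.3.4"), "out")   # now 'from' 222.222.222.222
    return reply_a, out_new, reply_b
```

Running demo() shows the reply of the SNAT-only box leaving unchanged while the DNAT variant's reply carries 222.222.222.222 as its source.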