trying to get DNAT and SNAT working together.
bikrant at wlink.com.np
Fri Apr 15 20:48:10 CEST 2005
Have you turned on IP forwarding? And make sure it is not dropped in the
forward chain, just in case you missed it :D
If it supports it, you can try tcpdump on the destination machine.
----- Original Message -----
From: "Christian Hedegaard" <christian.hedegaard at trustcommerce.com>
To: <netfilter at lists.netfilter.org>
Sent: Saturday, April 16, 2005 12:14 AM
Subject: trying to get DNAT and SNAT working together.
> Hey everyone. I'm trying to achieve something relatively simple (I think).
> I want a machine to sit on a public IP. When a request comes in for that
> public IP, it redirects the packets to another machine on some public
> IP. (iptables DNAT)
> When that machine gets the packet, it should think that it came from the
> iptables DNAT machine, and send it back there, which is where iptables
> SNAT comes in.
> However, I can't seem to get the two working together.
> In my office I have three machines.
> 1.87 (running apache)
> 1.72 (me)
> 1.85 (iptables)
> I have these two rules:
> iptables -t nat -A PREROUTING -p tcp -d 1.85 --dport 80 -j DNAT \
> --to-destination 1.87
> iptables -t nat -A POSTROUTING -p tcp -d 1.87 --dport 80 -j SNAT \
> --to-source 1.85
> Theoretically, this says that packets destined for 80 coming to the
> iptables machine should get forwarded to the apache machine (1.87), and
> any packets destined for the apache machine should be SNAT'ed back to
> the firewall machine.
> Basically, I just want a totally transparent packet forwarder that will
> redirect traffic to the proper machine.
> However, it's not working. Something in my config is wrong and I can't
> figure it out.
> Christian Hedegaard-Schou
> Sr. Systems Administrator
> 2 Park Plaza, Suite 350
> Irvine, CA 92614
> (949) 387 - 3747
> christian.hedegaard at trustcommerce.com
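The two checks suggested in the reply (IP forwarding enabled, nothing dropped in the FORWARD chain), written as a script over a saved ruleset. This is an added example and not part of the thread: the function names are hypothetical, 192.0.2.85 and 192.0.2.87 are constructed stand-ins for the NAT box and the web server, and only explicit `-d`/`--dport` ACCEPT rules are recognised.

```shell
#!/bin/sh
# Constructed iptables-save output: NAT rules present, FORWARD policy DROP,
# and no filter rule that lets the redirected traffic through.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.85/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.87
-A POSTROUTING -d 192.0.2.87/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.0.2.85
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# check_forwarding <ip_forward value> <iptables-save file> <DNAT target> <port>
# Prints findings; returns 0 when both checks pass.
check_forwarding() {
    fwd=$1; dump=$2; dst=$3; port=$4; rc=0
    if [ "$fwd" != "1" ]; then
        echo "FAIL: net.ipv4.ip_forward=$fwd, the kernel will not route the packet"
        rc=1
    fi
    policy=$(awk '/^\*/ {t=$1} t=="*filter" && /^:FORWARD / {print $2}' "$dump")
    # filter/FORWARD runs after nat/PREROUTING, so it sees the DNAT target
    # (not the original public IP) as the destination address.
    # Narrow on purpose: only ACCEPT rules naming both -d and --dport count.
    hits=$(awk -v d="$dst" -v p="$port" '
        /^\*/ {t=$1}
        t=="*filter" && /^-A FORWARD / && / -j ACCEPT/ {
            okd=0; okp=0
            for (i=1; i<NF; i++) {
                if ($i=="-d" && ($(i+1)==d || $(i+1)==(d "/32"))) okd=1
                if ($i=="--dport" && $(i+1)==p) okp=1
            }
            if (okd && okp) n++
        }
        END {print n+0}' "$dump")
    if [ "$policy" != "ACCEPT" ] && [ "$hits" -eq 0 ]; then
        echo "FAIL: FORWARD policy is ${policy:-unknown}, no ACCEPT rule for $dst:$port"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: forwarding enabled, FORWARD passes $dst:$port"
    return "$rc"
}
```

On a live NAT box, pass it the contents of `/proc/sys/net/ipv4/ip_forward` and a file written by `iptables-save`, with the DNAT target as the address to look for.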