
SUMMARY : iptables SNAT interfering with DNAT



I just got it to work by marking the packets:

# mark PREROUTING packets with a dest of 10.10.10.8 to 108
$IPT -t mangle -A PREROUTING -d 10.10.10.8 -j MARK --set-mark 108

# ACCEPT any packets on the POSTROUTING chain with a mark of 108
# This will stop the SNAT rule in the POSTROUTING chain later on
# from playing with the source IP
$IPT -t nat -A POSTROUTING -m mark --mark 108 -j ACCEPT

# Regular DNAT rule here now.
$IPT -t nat -A PREROUTING -d 10.10.10.8 -j DNAT --to 192.168.32.12

Now when I ssh to 10.10.10.8 the source IP of the client on the
172.17.0.0/19 is maintained.

When I ssh to 192.168.32.12 the source IP is changed to 192.168.32.6 which
is exactly what I want.



On Tue, 4 Mar 2003 steve@neptune.ca wrote:

> I've been beating my head against the table for the past couple of hours
> trying to get this working properly.
>
> I'm trying to do a PREROUTING DNAT that will send any traffic destined to
> 10.10.10.8 and DNAT it to 192.168.32.12.
>
> The PREROUTING rule does that, but what keeps happening is the POSTROUTING
> rule further down the chain is changing the source IP to 192.168.32.6.
>
> What I need is the POSTROUTING SNAT rule to -ONLY- take place when an
> attempt to access 192.168.32.12 is established from anything else except
> the PREROUTING DNAT.
>
> here are the 2 PREROUTING and POSTROUTING entries:
>
> $IPT -t nat -A PREROUTING -d 10.10.10.8 -j DNAT --to 192.168.32.12
> $IPT -t nat -A POSTROUTING -s 172.17.0.0/19 -d 192.168.32.12 -j SNAT --to-source 192.168.32.6
>
> Right now, when I ssh to 10.10.10.8 it shows my source IP as 192.168.32.6,
> which works, but I don't want the source IP changed for the DNAT.
>
> Any ideas of how to get around this?
>
> Thanks.
> _______________________________________________
> LinuxManagers mailing list - http://www.linuxmanagers.org
> submissions: LinuxManagers@linuxmanagers.org
> subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
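
The fix in this message depends on rule order: -A appends, and the first terminating rule in nat POSTROUTING wins, so the mark ACCEPT rule has to sit before the SNAT rule. As an added example (not part of the original post), the shell function below checks that order in iptables-save style text; the function names and both sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes iptables-save style
# input, where mark 108 is printed in hex as 0x6c (decimal is also accepted).
#
# Succeeds only if the nat POSTROUTING chain has the mark ACCEPT rule and it
# sits before the first SNAT rule, so DNATed traffic keeps its source IP.
check_snat_exemption() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # table header, e.g. *nat
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        { n++ }                                  # position within the chain
        !exempt && / -m mark / && / --mark (108|0x6c)(\/0xffffffff)? / &&
            / -j ACCEPT( |$)/ { exempt = n }
        !snat && / -j SNAT / { snat = n }
        END { exit !(exempt && (!snat || exempt < snat)) }
    '
}

# Constructed sample: the order the post describes (exemption appended first).
good_rules() {
cat <<'EOF'
*mangle
-A PREROUTING -d 10.10.10.8/32 -j MARK --set-xmark 0x6c/0xffffffff
COMMIT
*nat
-A PREROUTING -d 10.10.10.8/32 -j DNAT --to-destination 192.168.32.12
-A POSTROUTING -m mark --mark 0x6c -j ACCEPT
-A POSTROUTING -s 172.17.0.0/19 -d 192.168.32.12/32 -j SNAT --to-source 192.168.32.6
COMMIT
EOF
}

# Constructed sample: same rules, but the exemption was appended after SNAT.
bad_rules() {
cat <<'EOF'
*nat
-A PREROUTING -d 10.10.10.8/32 -j DNAT --to-destination 192.168.32.12
-A POSTROUTING -s 172.17.0.0/19 -d 192.168.32.12/32 -j SNAT --to-source 192.168.32.6
-A POSTROUTING -m mark --mark 0x6c -j ACCEPT
COMMIT
EOF
}

good_rules | check_snat_exemption && echo "good_rules: exemption precedes SNAT"
bad_rules  | check_snat_exemption || echo "bad_rules: SNAT still rewrites the source"
```

On a live host the same function can read the running ruleset with `iptables-save | check_snat_exemption`.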