While going over this after getting some sleep I found a much more elegant
and "cheaper" way of doing this.

# Mark all packets going to 10.10.10.0/24 with 1212
$IPT -t mangle -A PREROUTING -d 10.10.10.0/24 -j MARK --set-mark 1212

# ACCEPT any packet with the 1212 mark.
$IPT -t nat -A POSTROUTING -m mark --mark 1212 -j ACCEPT

# Create the PREROUTING DNATs here .....
$IPT -t nat -A PREROUTING -d 10.10.10.8 -j DNAT --to 192.168.32.12
$IPT -t nat -A PREROUTING -d 10.10.10.9 -j DNAT --to 192.168.32.14

This way I don't end up having to create additional PREROUTING + mark and
POSTROUTING + mark entries for each DNAT I want to create because the
blanket marking of everything going to 10.10.10.0/24 takes care of it.

On Wed, 5 Mar 2003 steve@neptune.ca wrote:

> I just got it to work with marking the packets
>
> # mark PREROUTING packets with a dest of 10.10.10.8 to 108
> $IPT -t mangle -A PREROUTING -d 10.10.10.8 -j MARK --set-mark 108
>
> # ACCEPT any packets on the POSTROUTING chain with a mark of 108
> # This will stop the SNAT rule in the POSTROUTING chain later on
> # from playing with the source IP
> $IPT -t nat -A POSTROUTING -m mark --mark 108 -j ACCEPT
>
> # Regular DNAT rule here now.
> $IPT -t nat -A PREROUTING -d 10.10.10.8 -j DNAT --to 192.168.32.12
>
> Now when I ssh to 10.10.10.8 the source IP of the client on the
> 172.17.0.0/19 is maintained.
>
> When I ssh to 192.168.32.12 the source IP is changed to 192.168.32.6 which
> is exactly what I want.
>
> On Tue, 4 Mar 2003 steve@neptune.ca wrote:
>
> > I've been beating my head against the table for the past couple of hours
> > trying to get this working properly.
> >
> > I'm trying to do a PREROUTING DNAT that will send any traffic destined to
> > 10.10.10.8 and DNAT it to 192.168.32.12
> >
> > The PREROUTING rule does that, but what keeps happening is the POSTROUTING
> > rule further down the chain is changing the source IP to 192.168.32.6
> >
> > What I need is the POSTROUTING SNAT rule to -ONLY- take place when an
> > attempt to access 192.168.32.12 is established from anything else except
> > the PREROUTING DNAT.
> >
> > Here are the 2 PREROUTING and POSTROUTING entries:
> >
> > $IPT -t nat -A PREROUTING -d 10.10.10.8 -j DNAT --to 192.168.32.12
> > $IPT -t nat -A POSTROUTING -s 172.17.0.0/19 -d 192.168.32.12 -j SNAT --to-source 192.168.32.6
> >
> > Right now, when I ssh to 10.10.10.8 it shows my source IP as 192.168.32.6
> > which works but I don't want the source IP changed for the DNAT
> >
> > Any ideas of how to get around this?
> >
> > Thanks.
> > _______________________________________________
> > LinuxManagers mailing list - http://www.linuxmanagers.org
> > submissions: LinuxManagers@linuxmanagers.org
> > subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
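The exemption in this thread only holds while the mark ACCEPT rule sits ahead of the SNAT rule in nat POSTROUTING and its mark matches the one set in mangle PREROUTING. The script below is an added example, not part of the original posts, that checks both conditions in an iptables-save style dump. The function name and both sample rulesets are constructed for illustration, written in the thread's rule syntax; real dumps may print the mark in hex, which still compares equal when both rules come from the same dump.

```shell
#!/bin/sh
# Added example (not from the thread): check an iptables-save style dump for
# the rule order that the mark-based SNAT exemption depends on.

# Constructed sample: the thread's rules in the intended order.
GOOD_RULES='*mangle
-A PREROUTING -d 10.10.10.0/24 -j MARK --set-mark 1212
COMMIT
*nat
-A PREROUTING -d 10.10.10.8 -j DNAT --to 192.168.32.12
-A POSTROUTING -m mark --mark 1212 -j ACCEPT
-A POSTROUTING -s 172.17.0.0/19 -d 192.168.32.12 -j SNAT --to-source 192.168.32.6
COMMIT'

# Constructed sample: same rules, but the SNAT rule was appended first.
BAD_RULES='*mangle
-A PREROUTING -d 10.10.10.0/24 -j MARK --set-mark 1212
COMMIT
*nat
-A POSTROUTING -s 172.17.0.0/19 -d 192.168.32.12 -j SNAT --to-source 192.168.32.6
-A POSTROUTING -m mark --mark 1212 -j ACCEPT
COMMIT'

# Prints one of: ok, no-accept, mark-mismatch, snat-before-accept
check_snat_exemption() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        # Marks set in mangle PREROUTING (any mask after "/" is dropped).
        table == "mangle" && $2 == "PREROUTING" && /-j MARK/ {
            for (i = 1; i < NF; i++)
                if ($i ~ /^--set-x?mark$/) { split($(i + 1), p, "/"); marks[p[1]] = 1 }
        }
        # Position of the first mark ACCEPT and first SNAT in nat POSTROUTING.
        table == "nat" && $2 == "POSTROUTING" {
            n++
            if (/-j SNAT/ && !snat) snat = n
            if (/-m mark/ && /-j ACCEPT/ && !acc) {
                acc = n
                for (i = 1; i < NF; i++)
                    if ($i == "--mark") { split($(i + 1), p, "/"); accmark = p[1] }
            }
        }
        END {
            if (!acc) print "no-accept"
            else if (!(accmark in marks)) print "mark-mismatch"
            else if (snat && snat < acc) print "snat-before-accept"
            else print "ok"
        }'
}

echo "good ruleset: $(check_snat_exemption "$GOOD_RULES")"
echo "bad ruleset:  $(check_snat_exemption "$BAD_RULES")"
```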