Re: Questions on DNAT and pre/postrouting...

On Tuesday 20 July 2004 10:02 pm, Jeffrey C Albro wrote:

> I've seen this referred as un-DNATing.  It makes perfect sense
> that due to the client expecting packets back from the address it sent
> them to that this is required behavior, but can this be turned off or
> controlled?

Sorry - forgot to reply to this bit.

I can think of two ways to avoid it:

1. Turn off connection tracking for the packets you don't want reverse NATted 
(possibly all packets?) with the NOTRACK target.

2. Use iproute2 to do your NAT rules (I believe this is not stateful, and 
therefore doesn't do automatic reverse NAT for you).

Regards,

Antony.

-- 
90% of networking problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

                                                     Please reply to the list;
                                                           please don't CC me.


