Regarding Iptables Redirect Target rule
Hello,

    Interface 1                        Interface 2
    9090 (encrypted)      ---------    9000 (decrypted)
    ------>-------       |Fire wall|   --->-----
    ------>-------       |         |   --->-----
    9000 (unencrypted)    ---------    9000 (unencrypted)

I need to encrypt/decrypt and port translate traffic coming in on a particular port (9090).
I first perform decryption by queuing packets to a userspace program with the following iptables rule:

(a) iptables -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE

To achieve port translation I use the REDIRECT target as shown below:

(b) iptables -t nat -A PREROUTING -p udp --dport 9090 -j REDIRECT --to-port 9000
The iptables rule with the REDIRECT target ensures that traffic on port 9000 on Interface 2 gets port translated to port 9090 while going out through Interface 1, but only if it belongs to a connection that was port translated from 9090 to 9000 while coming in on Interface 1.
I would like to know how to construct a rule to intercept packets that belong to the port translated stream, but are now coming from Interface 2, so that I can encrypt them before they go out on Interface 1. There are other connections that use port 9000; however, these do not belong to the port translated stream.

Will the following rule work?

iptables -t mangle -A POSTROUTING -p udp --sport 9090 -j NFQUEUE

i.e. will REDIRECT ensure that the source port is rewritten from 9000 to 9090 by the time the packet hits mangle POSTROUTING?
Thanks in advance,
Vikram.
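One way to select only the redirected stream on the way out, as an added example that is not part of the original post: instead of depending on whether the NAT reverse mapping has already rewritten the source port when mangle POSTROUTING runs (mangle hooks at priority -150 run before the nat source hook at priority 100, so the reply still carries source port 9000 there), tag the connection with CONNMARK on the inbound 9090 packet and queue only reply-direction packets of marked connections. The queue numbers, the mark value 0x99 and the IPT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post or the netfilter project.
# Assumptions: UDP service, decryptor listens on local port 9000,
# NFQUEUE numbers 0 (decrypt) and 1 (encrypt) are free, mark 0x99 unused.
MARK=0x99
IPT=${IPT:-iptables}   # set IPT="echo iptables" to preview without root

# Emit the rule set, one command per line, so it can be applied or removed.
redirect_rules() {
  # Inbound: mark the connection, hand the encrypted payload to userspace,
  # then translate the destination port 9090 -> 9000 (existing rules a and b).
  echo "$IPT -t mangle -A PREROUTING -p udp --dport 9090 -j CONNMARK --set-mark $MARK"
  echo "$IPT -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE --queue-num 0"
  echo "$IPT -t nat -A PREROUTING -p udp --dport 9090 -j REDIRECT --to-ports 9000"
  # Outbound: only REPLY-direction packets of marked connections are queued
  # for encryption; unrelated port 9000 traffic carries no mark and passes.
  echo "$IPT -t mangle -A POSTROUTING -p udp -m connmark --mark $MARK -m conntrack --ctdir REPLY -j NFQUEUE --queue-num 1"
}

# Run every emitted command (needs CAP_NET_ADMIN unless IPT is a dry-run echo).
apply_rules() {
  redirect_rules | while read -r cmd; do sh -c "$cmd"; done
}

# Same rules with -A turned into -D, to tear the set down again.
remove_rules() {
  redirect_rules | sed 's/ -A / -D /' | while read -r cmd; do sh -c "$cmd"; done
}
```

Packets queued to queue 1 are the reply half of the redirected stream only, so the encrypting userspace program never sees the other port 9000 connections.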