AW: general question about DNAT-rule

-----Original Message-----
From:	Thomas Bätzler <t.baetzler@xxxxxxxxxx>
Sent:	Thu 28.06.2012 19:44
Subject:	AW: general question about DNAT-rule
To:	netfilter@xxxxxxxxxxxxxxx; 
CC:	Stefan Bauer <stefan.bauer@xxxxxxxxxxx>; 
> Stefan Bauer asked:
> > This is done internally, right? Hence I don't see such a rule in the
> > iptables -t nat -vnL output?
> 
> Have a look at /proc/net/ip_conntrack, or better yet, install the conntrack
> utility.

Ok - so it is handled internally. Can I sum this up and keep in mind the following?

A single DNAT-rule is enough on a router to have bi-directional traffic as the required "SNAT-magic"
is automatically done.

A DNAT and SNAT-rule is required on a device to forward packages to another device because answer packages will not flow through the first device as it is not in the middle like a router?

Thank you very much for the clarification.

Stefan
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
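
The behaviour discussed in this message, as an added example that is not part of the original thread: a toy Python model (not kernel code) of how a connection-tracking entry created when a DNAT rule matches lets replies be rewritten without any visible reverse rule, and what changes when the NAT device is not on the reply path. All addresses, names and the `NatBox` class are constructed for illustration.

```python
from collections import namedtuple
Pkt = namedtuple("Pkt", "src sport dst dport")

def flip(p):
    """Swap both ends: what a reply to packet p looks like."""
    return Pkt(p.dst, p.dport, p.src, p.sport)

class NatBox:
    """Toy model of conntrack-based NAT on one device (not kernel code)."""
    def __init__(self, own_ip, dnat, snat=False):
        self.own_ip, self.dnat, self.snat = own_ip, dnat, snat
        self.by_reply = {}  # expected reply tuple -> original packet

    def forward(self, pkt):
        """First packet of a flow: apply the rules, record the entry."""
        dst, dport = self.dnat.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
        src = self.own_ip if self.snat else pkt.src
        out = Pkt(src, pkt.sport, dst, dport)
        self.by_reply[flip(out)] = pkt
        return out

    def reverse(self, reply):
        """Reply direction: no rule is consulted, only the recorded entry."""
        orig = self.by_reply.get(reply)
        return flip(orig) if orig else None

def reply_seen_by_client(box, request, box_is_gateway):
    """Send one request through the box and return the reply the client gets."""
    server_reply = flip(box.forward(request))
    # Reply crosses the box if it is the server's gateway or, via SNAT, the target.
    if box_is_gateway or server_reply.dst == box.own_ip:
        return box.reverse(server_reply)
    return server_reply  # goes straight to the client, untranslated

# Constructed sample addresses (documentation ranges)
CLIENT, BOX, SERVER = "198.51.100.7", "203.0.113.1", "192.0.2.10"
REQ = Pkt(CLIENT, 40000, BOX, 80)
RULE = {(BOX, 80): (SERVER, 8080)}

def scenarios():
    """True where the client gets a reply matching the address it contacted."""
    cases = {"router, DNAT only": (NatBox(BOX, RULE), True),
             "off-path, DNAT only": (NatBox(BOX, RULE), False),
             "off-path, DNAT+SNAT": (NatBox(BOX, RULE, snat=True), False)}
    return {k: reply_seen_by_client(b, REQ, gw) == flip(REQ)
            for k, (b, gw) in cases.items()}

if __name__ == "__main__":
    print(scenarios())
```

On a real system, `conntrack -L` shows the recorded original and reply tuples that `by_reply` stands in for here.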

