Changing the destination (DNAT) locally
Al Sparks
data345 at yahoo.com
Fri Feb 6 18:37:52 UTC 2004
I originally tried to post this to the netfilter-list at
netfilter.org, but I can't get a post to them, or even subscribe to
their list. It may be broken. Since I'm attempting this on a fedora
box, I thought I'd post the question here.
I'm new to netfilter.
I've been going through the HOW-TO's on NAT, and I want to change the
destination on packets based on its destination.
I set up a test, the idea being, I want to change the destination of a
packet from 192.168.100.99 to 127.0.0.5. The packet will be generated
locally.
The first thing I did, is I set up my route tables so that
    192.168.100.99  127.0.0.5  255.255.255.255  UGH  0  0  0  lo
    10.254.223.0    *          255.255.255.0    U    0  0  0  eth0
    127.0.0.0       *          255.0.0.0        U    0  0  0  lo
    default         whatever   0.0.0.0          UG   0  0  0  eth0
So I have 192.168.100.99 routed to my local interface, "lo".
Here's my NAT listing:
    # iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source      destination
    DNAT       all  --  anywhere    192.168.100.99    to:127.0.0.5

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source      destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source      destination
To test it, I telnet to the SSH port with
    telnet 127.0.0.5 22
which gets me a connection, but
    telnet 192.168.100.99 22
just shows a SYN_SENT when I check with netstat.
So, is what I'm doing doable? If so, how do I do it?
=== Al
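
Added example, not part of the original post: in netfilter, locally generated packets traverse the nat OUTPUT chain and never PREROUTING, so the PREROUTING rule in the listing above is not consulted for the local telnet test. The script below audits a nat rule set for DNAT rules that exist only in PREROUTING and prints the OUTPUT rule that would cover local traffic. The function name find_local_gaps and the sample rule text (written in `iptables -t nat -S` format to mirror the listing) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find nat DNAT rules that locally generated traffic bypasses.
# Packets created on the host itself go through nat OUTPUT, not PREROUTING.

# Constructed sample in `iptables -t nat -S` format, mirroring the post's listing.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -d 192.168.100.99/32 -j DNAT --to-destination 127.0.0.5'

# find_local_gaps (hypothetical helper): reads rule text on stdin and, for each
# PREROUTING DNAT rule with no identical rule in OUTPUT, prints the OUTPUT rule
# that would apply the same translation to locally generated packets.
find_local_gaps() {
    awk '
        $1 == "-A" && /-j DNAT/ {
            chain = $2
            spec = $0
            sub(/^-A [^ ]+ /, "", spec)      # strip "-A <chain> ", keep the match/target
            if (chain == "PREROUTING") pre[++n] = spec
            else if (chain == "OUTPUT") out[spec] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                if (pre[i] in out) continue  # already mirrored in OUTPUT
                if (pre[i] ~ /(^| )-i /)
                    # -i (input interface) is not accepted in OUTPUT; needs a manual rewrite
                    print "# review: -A OUTPUT " pre[i]
                else
                    print "-A OUTPUT " pre[i]
            }
        }
    '
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_RULES" | find_local_gaps
```

On a live host the same function can be fed the real rule set with `iptables -t nat -S | find_local_gaps` (requires root).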