[LARTC] same address range, different interfaces

Ira Abramov lists-lartc@ira.abramov.org
Thu, 20 Nov 2003 11:44:18 +0200


Quoting David Ruggles, from the post of Wed, 19 Nov:
> (Someone with more knowledge tell me if I'm wrong)

Well, I'm no veteran either, but the man page said one can only do DNAT
in OUTPUT and PREROUTING, while SNAT works only on POSTROUTING, which is
the other way around from what I need...

> As far as I know the only way to modify packet addresses is to use the
> PREROUTING and POSTROUTING chains in the nat table.
> 
> An example might be
> 
> Machine A ip 10.0.0.2 ----> Gateway ip 10.0.0.1 eth0 <-> Gateway ip 10.0.0.3 eth1 ----> Machine B ip 10.0.0.2
> 
> On Gateway issue following:
> 
> iptables -t nat -A PREROUTING -i eth0 -d 10.0.0.1 -j DNAT --to-destination 10.0.0.2
> iptables -t nat -A POSTROUTING -o eth1 -d 10.0.0.2 -j SNAT --to-source 10.0.0.1
> 
> I'm not sure this will work though because how will the gateway know to send
> 10.0.0.2 out eth1 and not back out eth0?

My problem precisely...

-- 
A little something for the ladies
Ira Abramov
http://ira.abramov.org/email/
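
The routing question raised in the quoted text, as a small Python model added here (not part of the original post and not iptables or kernel code). It assumes a /24 prefix on both interfaces and that a tie between identical routes goes to the first one listed; the dictionary layout and function names are made up for the illustration.

```python
import ipaddress

# NAT targets each nat-table chain accepts, per the man page cited in the post.
ALLOWED = {"DNAT": {"PREROUTING", "OUTPUT"}, "SNAT": {"POSTROUTING"}}

# Constructed gateway state from the quoted diagram: eth0 and eth1 both sit
# on 10.0.0.0/24 (an assumed prefix length), giving two identical routes.
ROUTES = [("10.0.0.0/24", "eth0"), ("10.0.0.0/24", "eth1")]

# The two rules quoted in the thread, as dictionaries.
RULES = [
    {"chain": "PREROUTING", "dev": "eth0", "dst": "10.0.0.1",
     "target": "DNAT", "to": "10.0.0.2"},
    {"chain": "POSTROUTING", "dev": "eth1", "dst": "10.0.0.2",
     "target": "SNAT", "to": "10.0.0.1"},
]

def rule_is_legal(rule):
    """True if the rule's target may be used in the rule's chain."""
    return rule["chain"] in ALLOWED[rule["target"]]

def route(dst, routes):
    """Destination-only longest-prefix match. Ties go to the first entry
    (a modelling assumption); the input interface is never consulted."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def forward(pkt, rules=RULES, routes=ROUTES):
    """Walk a packet through PREROUTING, the routing decision, POSTROUTING."""
    pkt, applied = dict(pkt), []
    for r in rules:  # DNAT happens before the routing decision
        if (r["chain"], r["dev"], r["dst"]) == ("PREROUTING", pkt["in"], pkt["dst"]):
            pkt["dst"] = r["to"]
            applied.append(r["target"])
    pkt["out"] = route(pkt["dst"], routes)
    for r in rules:  # SNAT only sees the interface routing already chose
        if (r["chain"], r["dev"], r["dst"]) == ("POSTROUTING", pkt["out"], pkt["dst"]):
            pkt["src"] = r["to"]
            applied.append(r["target"])
    return pkt, applied

# Constructed packet: Machine A (behind eth0) talking to the gateway address.
PACKET = {"src": "10.0.0.2", "dst": "10.0.0.1", "in": "eth0"}
```

In this model `forward(PACKET)` rewrites the destination but routes the packet back out eth0, so the POSTROUTING rule on eth1 never matches; only reordering the routes changes that, which is the ambiguity the thread is asking about.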