[ale] iptables dnat

Jerry Yu jjj863 at gmail.com
Fri Feb 23 18:26:32 EST 2007


James, could you clarify 'a system changing DNAT packets' in terms of

   - how it relates to the Internet (1.1.1.1), the iptables fw box
   (10.10.10.10) and DNAT destination (192.168.0.10)?
   - what's its function?  A load balancer or the like could do SNAT. For
   instance, F5 Big-IP has SNAT automap. However, in that case, the DNAT
   packets show up as if from the load balancer.



On 2/23/07, Jim Popovitch <jimpop at yahoo.com> wrote:
>
> On Fri, 2007-02-23 at 16:53 -0500, James P. Kinney III wrote:
> > Does iptables dnat change the originating IP address? Is it supposed to?
> >
> > Packet from 1.1.1.1 hits iptables destined to 10.10.10.10. That external
> > address is dnat'ed to 192.168.0.10 and then the packet is sent to
> > the final address.
> >
> > I have a system that seems to be changing the source IP of dnat packets
> > so that all connections appear to come from the iptables machine and not
> > the outside.
>
> That doesn't sound like it's set up right.  What are the iptables rules
> you are using?
>
> -Jim P.