[ale] Stupid question time: PAT vs NAT
JK
jknapka at kneuro.net
Tue May 8 13:04:16 EDT 2007
JK wrote:
> Ned Williams wrote:
>
>
>>Ale'ers
>>
>>
>>I need to do port address translation vs name address translation, is this
>>something tables can do or is there another daemon I need to load to do
>>such?
>
>
> IIRC, PAT is simply a special case of NAT, where the translated
> source IP address is == the IP on which the packet is leaving.
> This used to be called "masquerading", although that's actually
> a slightly different concept within iptables. So a SNAT rule
> with "--to-source <egress-interface-ip>", or a MASQUERADE
> rule, should do what you want.
>
> If you really mean "port forwarding" (e.g. connections to
> localhost port 9000 get sent to remotehost port 15000),
> then you need a REDIRECT rule. "man iptables" is your
> very good friend.
But not *my* friend, apparently. I'm wrong about REDIRECT;
you really need a DNAT rule to do port forwarding, unless you're
redirecting to a port on the firewall machine itself. I use
this all the time; it was looking at the man page that
confuzzled me :-/
-- Joe
--
"What can be asserted without evidence can also be
dismissed without evidence." -- Christopher Hitchens
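
The three cases from this thread (SNAT/MASQUERADE for PAT, DNAT for forwarding to another host, REDIRECT for a port on the firewall itself), as an added example that is not part of the original post. The function names, interface names and RFC 5737 addresses are constructed for illustration, and the PREROUTING chain assumes the connections arrive from other hosts; the script only prints the rules, so it runs without root.

```shell
#!/bin/sh
# Dry-run generator: prints iptables rules instead of applying them.
# All interfaces and addresses below are constructed sample values.

# Accept only a decimal port in 1..65535, so nothing else reaches a rule.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# PAT / source NAT for traffic leaving interface $1.
# Known static egress IP ($2): SNAT. No fixed IP (e.g. dial-up): MASQUERADE,
# which takes the address from the outgoing interface.
pat_rule() {
    iface=$1; egress_ip=$2
    if [ -n "$egress_ip" ]; then
        echo "iptables -t nat -A POSTROUTING -o $iface -j SNAT --to-source $egress_ip"
    else
        echo "iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE"
    fi
}

# Port forwarding for TCP arriving on port $1.
# Target is the firewall machine itself: REDIRECT. Any other host: DNAT.
forward_rule() {
    listen_port=$1; target_host=$2; target_port=$3
    valid_port "$listen_port" && valid_port "$target_port" || {
        echo "invalid port" >&2
        return 1
    }
    case "$target_host" in
        self|localhost|127.0.0.1)
            echo "iptables -t nat -A PREROUTING -p tcp --dport $listen_port -j REDIRECT --to-ports $target_port" ;;
        *)
            echo "iptables -t nat -A PREROUTING -p tcp --dport $listen_port -j DNAT --to-destination $target_host:$target_port" ;;
    esac
}

pat_rule eth0 203.0.113.10              # static egress address
pat_rule ppp0 ""                        # dynamic egress address
forward_rule 9000 198.51.100.20 15000   # forward to another host
forward_rule 8080 self 3128             # port on the firewall itself
```

A DNAT rule that points at another host also needs IP forwarding enabled and the flow permitted in the FORWARD chain. Connections generated on the firewall itself traverse the nat table's OUTPUT chain rather than PREROUTING.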