Re: rewriting source and destination of local packets

To: debian firewall list <debian-firewall@lists.debian.org>
Subject: Re: rewriting source and destination of local packets
From: David Schmitt <david@schmitt.edv-bus.at>
Date: Wed, 23 Mar 2005 12:22:57 +0100
Message-id: <[🔎] 200503231222.57963@zion.black.co.at>
In-reply-to: <[🔎] 20050323100605.GA24210@cirrus.madduck.net>
References: <[🔎] 20050323100605.GA24210@cirrus.madduck.net>

On Wednesday 23 March 2005 11:06, martin f krafft wrote:
> I want to rewrite source and destination sockets of locally
> generated packets. Specifically, packets with the following pair
>
>   1.2.3.4:12345 -> 8.7.6.5:80
>
> should be rewritten as
>
>   127.0.0.1:12345 -> 127.0.0.1:3128
>
> Is it possible to achieve this with iptables? I can do the
> destination rewriting just fine (using REDIRECT in the OUTPUT
> chain), but to rewrite the source, I need to use SNAT (I think),
> which is only valid in POSTROUTING, and by that point in time it's
> too late.

try to fwmark the packages when REDIRECTing and use the mark on POSTROUTING to 
SNAT too.

Just off the top of my head.



Regards, David
-- 
- hallo... wie gehts heute?
- *hust* gut *rotz* *keuch*
- gott sei dank kommunizieren wir über ein septisches medium ;)
 -- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15

Reply to:

Follow-Ups:
- Re: rewriting source and destination of local packets
  - From: martin f krafft <madduck@debian.org>

References:
- rewriting source and destination of local packets
  - From: martin f krafft <madduck@debian.org>

Prev by Date: rewriting source and destination of local packets
Next by Date: Re: rewriting source and destination of local packets
Previous by thread: rewriting source and destination of local packets
Next by thread: Re: rewriting source and destination of local packets
Index(es):
- Date
- Thread