
Re: FW: port forwarding using iptables



On Tue, Aug 15, 2000 at 04:20:44AM -0400, michael a. hacker wrote:
> Well, I apologize if anyone replied (hopefully), but my school decided to
> nuke my e-mail server without informing anyone (that's what I get for going
> to a state school). All the mail I had on that account is lost in
> format-land.
> Well, needless to say, I am still having this problem and I would really like
> to figure it out. Any help would be appreciated.
> 
> mike
> 

I sent you a couple of responses (A big one and a correction) - I was
wondering why they bounced.  See the debian-firewall archive for 8/11
or write me directly and I'll resend them off-list.

A clarification to my previous correction:

In my original post (of 8/11, not the very first one some days earlier),
I was thinking of outbound connections initiated by the host in question.
In this restricted case, no -d flag is needed unless you are multi-homed.
Having the -d flag in a DNAT rule doesn't affect outgoing connections
which are initiated by the host in question, and is therefore not needed
in this case, because different chains are traversed (i.e., PREROUTING
is not traversed).

However, in the "correction post", I was thinking of a firewall
configuration where connections are originated by hosts behind the
firewall.  In this more general case the -d flag is needed to prevent
rerouting those connection attempts from the outside world to your
internal servers.

-- 
Steve Bowman  <sbowman@frostwork.net> (preferred)
Buckeye, AZ   <sbowman@goodnet.com> <bowmanc@acm.org>
              <http://www.goodnet.com/~sbowman/>

Powered by Debian GNU/Linux <http://www.debian.org>
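The two cases Steve describes, written out as an added example (this script is not from the thread or from any poster; the interface name, addresses and the internal web server are assumed for illustration). The "weak" rule is the one that bites a firewall with hosts behind it: PREROUTING is traversed by forwarded packets as well as by packets addressed to the firewall, so a DNAT rule without -d rewrites a LAN host's outbound web traffic too. The corrected rule pins the match to the firewall's public address (and, as an extra narrowing not mentioned in the thread, to the external interface). IPTABLES defaults to echo so the script is a dry run; set IPTABLES=iptables as root to load the rules for real.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# All names and addresses below are assumptions for illustration:
# a firewall with one Internet-facing interface and a LAN behind it.
IPTABLES="${IPTABLES:-echo}"   # dry run by default; IPTABLES=iptables to apply

EXT_IF="eth0"                  # assumed Internet-facing interface
EXT_IP="203.0.113.10"          # assumed public address of the firewall
WEB_SRV="192.168.1.10"         # assumed internal web server on the LAN

# Weak rule: matches every TCP packet entering the firewall with dport 80,
# whatever its destination address. Forwarded traffic from the LAN also
# traverses nat PREROUTING, so a LAN host browsing any Internet web site
# has its connection silently rewritten to $WEB_SRV.
# (Connections the firewall itself originates go through nat OUTPUT, not
# PREROUTING, which is why a single, non-multi-homed host never notices.)
weak_dnat() {
    $IPTABLES -t nat -A PREROUTING -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SRV"
}

# Corrected rule: only packets addressed to the firewall's public IP, arriving
# on the external interface, are redirected. LAN-originated web traffic is
# addressed to some other host and passes through PREROUTING untouched.
safe_dnat() {
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SRV:80"
    # The rewritten packets are then forwarded, so FORWARD must accept them too.
    $IPTABLES -A FORWARD -i "$EXT_IF" -d "$WEB_SRV" -p tcp --dport 80 -j ACCEPT
}

# Returns 0 if a generated rule set restricts the DNAT match with -d.
has_dest_match() {
    printf '%s\n' "$1" | grep -q -- "-d $EXT_IP"
}
```

After loading the corrected rules, `iptables -t nat -L PREROUTING -n -v --line-numbers` shows the rule and its packet counters; browsing an outside web site from a LAN host should leave the DNAT counter unchanged, while a connection from outside to $EXT_IP:80 should increment it. If the firewall's public address is assigned dynamically, $EXT_IP has to be refreshed whenever it changes, since a stale -d silently disables the forward.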


