[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables port forwarding



* Siraj 'Sid' Rakhada (sid@mindless.co.uk) [021114 08:08]:
> I connect to port 443 on my firewall, and that then forwards the 
> connection onto another host:port, at the same time rewriting the 
> headers, and doing connection tracking (a form of NAT...).
> 
> As far as the host that actually deals with the data, it only sees my 
> firewall connecting to it. Not the host that connects to port 443 on 
> the firewall.

I don't believe this.  Well, I should qualify that: I don't believe that
the single DNAT rule you gave would cause this effect.  You must also
have some SNAT going on as well, or your firewall shouldn't be rewriting
the source address.  Maybe your upstream is doing some kind of rewriting
to keep you from sending out spoofed packets, so it changes the source
to your address?

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.debian.org/

Attachment: pgpWhAQrJHuhR.pgp
Description: PGP signature


Reply to: