
DNAT: forwarding all ports to a host



One requirement for a firewall setup I am working on is the ability to forward 
all (remaining) ports to a specific host on the network.  Note that I am hoping 
to avoid using this but it is required as an option.

The server/router runs some services.  There is a chain of RETURNs for those 
services.  Packets with the remaining destination ports fall through to the 
actual DNAT target:
# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.2.10

But what effect does this have on ESTABLISHED,RELATED connections?  Does this 
interfere with, say, a reply from google.com:80 to network host 192.168.2.99?

Links etcetera welcome.

Thanks.
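
An added example, not part of the original post: a shell function that prints the arrangement described above (RETURN rules for the router's own services, then a catch-all DNAT) in iptables-restore form. The chain name LOCAL_SVC and the service list are assumptions; eth0 and 192.168.2.10 are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). The chain name and the service
# list in the sample call are constructed values.
# The nat table is only consulted for the packet that creates a conntrack
# entry; later packets of that connection, including replies to outbound
# traffic, reuse the recorded mapping and never reach these rules.

valid_port() {   # integer 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # dotted quad, each octet 0..255
    case "$1" in *.*.*.*.*|*..*|.*|*.|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_ruleset WAN_IF DMZ_HOST [proto/port ...]
# Validates everything first, then prints an iptables-restore nat table.
gen_ruleset() {
    wan_if=$1; dmz=$2; shift 2
    case "$wan_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$dmz" || { echo "bad host: $dmz" >&2; return 1; }
    rules=
    for svc in "$@"; do
        proto=${svc%%/*}; port=${svc#*/}
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $svc" >&2; return 1 ;; esac
        valid_port "$port" || { echo "bad port: $svc" >&2; return 1; }
        # RETURN leaves LOCAL_SVC before the DNAT, so the router keeps the port
        rules="$rules-A LOCAL_SVC -p $proto --dport $port -j RETURN
"
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':LOCAL_SVC - [0:0]' \
        "-A PREROUTING -i $wan_if -j LOCAL_SVC"
    printf '%s' "$rules"
    # Catch-all: every remaining destination port goes to the internal host
    printf '%s\n' "-A LOCAL_SVC -j DNAT --to-destination $dmz" 'COMMIT'
}

# Constructed sample call; review the output with: iptables-restore --test
gen_ruleset eth0 192.168.2.10 tcp/22 tcp/80 udp/53
```

The output covers only the PREROUTING side of the nat table; merge it into the full ruleset rather than loading it alone, since iptables-restore flushes the table by default.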
