One requirement for a firewall setup I am working on is the ability to forward all (remaining) ports to a specific host on the network. Note that I am hoping to avoid using this, but it is required as an option.

The server/router runs some services. There is a chain of RETURNs for those services. Packets with the remaining destination ports fall through to the actual DNAT target:

# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.2.10

But what effect does this have on ESTABLISHED,RELATED connections? Does this interfere with, say, a reply from google.com:80 to network host 192.168.2.99?

Links etc. welcome. Thanks.
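As an added illustration (not part of the original message or of any iptables source), the following small Python model shows the lookup order that decides the question above: netfilter consults the nat table only for the first packet of a connection (conntrack state NEW); every later packet of that flow, in either direction, is matched by the conntrack entry and has the remembered translation applied without traversing nat/PREROUTING at all. The WAN address 203.0.113.5, the web server 198.51.100.7 (standing in for google.com), the LAN interface name eth1 and the router's own service ports 22 and 443 are constructed assumptions.

```python
"""Constructed model of the netfilter conntrack/nat lookup order.

Not kernel code: it only reproduces the rule that the nat table is
traversed for the first packet of a connection and then bypassed.
"""
from dataclasses import dataclass

ROUTER_WAN = "203.0.113.5"        # assumed public address on eth0
DNAT_TARGET = "192.168.2.10"      # catch-all forward target from the post
LOCAL_SERVICE_PORTS = {22, 443}   # assumed router services kept by the RETURN chain
LAN_PREFIX = "192.168.2."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    iface: str                    # interface the packet arrived on


class Router:
    def __init__(self):
        # wire 4-tuple as seen on arrival -> 4-tuple after translation
        self.conntrack = {}
        self.nat_lookups = 0      # how often the nat table was consulted

    def nat_prerouting(self, dst, dport):
        """nat/PREROUTING for packets arriving on eth0.

        Models a chain of RETURNs for the router's own services followed by
          iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.2.10
        """
        if dport in LOCAL_SERVICE_PORTS:
            return dst            # RETURN: destination left alone
        return DNAT_TARGET

    def handle(self, pkt):
        """Return (ctstate, packet after translation)."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            # Known flow (either direction): conntrack applies the stored
            # mapping itself. The nat table is NOT consulted again, so the
            # catch-all DNAT never sees this packet. RELATED traffic such
            # as an ICMP error for a tracked flow is handled the same way.
            s, sp, d, dp = self.conntrack[key]
            return "ESTABLISHED", Packet(s, sp, d, dp, pkt.iface)

        # First packet of a connection: the only time nat chains run.
        self.nat_lookups += 1
        src, sport, dst, dport = key
        if pkt.iface == "eth0":
            dst = self.nat_prerouting(dst, dport)
        elif not dst.startswith(LAN_PREFIX):
            src = ROUTER_WAN      # MASQUERADE in nat/POSTROUTING, leaving via eth0
        out = (src, sport, dst, dport)
        # Remember both directions: the reply's wire tuple maps back to the
        # pre-NAT tuple, which is what undoes the NAT for ESTABLISHED replies.
        self.conntrack[key] = out
        self.conntrack[(out[2], out[3], out[0], out[1])] = (key[2], key[3], key[0], key[1])
        return "NEW", Packet(*out, iface=pkt.iface)


def demo():
    """Run the four packets discussed above and return (router, results)."""
    r = Router()
    results = [
        # 1. LAN host opens a connection to the web server (constructed traffic).
        r.handle(Packet("192.168.2.99", 40000, "198.51.100.7", 80, "eth1")),
        # 2. The server's reply arrives on eth0 addressed to the router's WAN IP.
        r.handle(Packet("198.51.100.7", 80, ROUTER_WAN, 40000, "eth0")),
        # 3. An unrelated NEW inbound connection to port 8080: falls through to DNAT.
        r.handle(Packet("198.51.100.7", 5555, ROUTER_WAN, 8080, "eth0")),
        # 4. NEW inbound SSH: kept for the router by the RETURN chain.
        r.handle(Packet("198.51.100.7", 5556, ROUTER_WAN, 22, "eth0")),
    ]
    return r, results


if __name__ == "__main__":
    router, outcome = demo()
    for state, pkt in outcome:
        print(f"{state:12} -> {pkt.dst}:{pkt.dport}")
    print("nat table consulted", router.nat_lookups, "times")
```

In the model, the reply from 198.51.100.7:80 is classified ESTABLISHED and delivered to 192.168.2.99:40000, not to 192.168.2.10, and the nat table is consulted three times for four packets (never for the reply). The practical consequences the model is meant to make visible: the catch-all DNAT only ever acts on NEW connections arriving on eth0, so it does not break replies to connections that inside hosts opened themselves; and because the rule has no protocol or port match, every new inbound flow not caught by the RETURN chain, including non-TCP traffic, is redirected, so the FORWARD chain still needs a rule (for example one matching `--ctstate DNAT`) that actually accepts that forwarded traffic.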