Re: DNAT: forwarding all ports to a host

To: debian-firewall@lists.debian.org
Subject: Re: DNAT: forwarding all ports to a host
From: green <greenfreedom10@gmail.com>
Date: Fri, 16 Jul 2010 10:05:34 -0500
Message-id: <[🔎] 20100716150534.GK1683@swansys>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 4C3F7934.50503@plouf.fr.eu.org>
References: <[🔎] 20100715175528.GG1683@swansys> <[🔎] 4C3F7934.50503@plouf.fr.eu.org>

Pascal Hambourg wrote at 2010-07-15 16:10 -0500:
> green a écrit :
> > # iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.2.10
> > 
> > But what affect does this have on ESTABLISHED,RELATED connections?
> 
> Absolutely none.
> 
> > Does this 
> > interfere with, say, a reply from google.com:80 to network host 192.168.2.99?
> 
> No. Only the first packet of a new connection (i.e. the first one in the
> state NEW) goes through the 'nat' rules. Existing connections are not
> affected by 'nat' rules.

Oh yes, I remember reading that now in some documentation somewhere.  That 
helps me understand better what I'm doing in the nat table.  Thanks.

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- DNAT: forwarding all ports to a host
  - From: green <greenfreedom10@gmail.com>
- Re: DNAT: forwarding all ports to a host
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>

Prev by Date: Re: DNAT: forwarding all ports to a host
Next by Date: controlling p2p & bittorrent
Previous by thread: Re: DNAT: forwarding all ports to a host
Next by thread: controlling p2p & bittorrent
Index(es):
- Date
- Thread