* port forwarding AND local application consumption...
@ 2006-09-27 20:55 Lucas Diaz
2006-09-28 8:29 ` Jan Engelhardt
0 siblings, 1 reply; 4+ messages in thread
From: Lucas Diaz @ 2006-09-27 20:55 UTC (permalink / raw)
To: netfilter
I use kernel 2.4.x.
I need to do port forwarding to a remote host AND to
pass these packets to a local application.
I used the DNAT feature in iptables and it does the
port forwarding. But the issue is that these forwarded
packets are unreachable to local application.
Any tips about proper iptables' rules to accomplish both?
Appreciate your help.
-D
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: port forwarding AND local application consumption...
2006-09-27 20:55 port forwarding AND local application consumption Lucas Diaz
@ 2006-09-28 8:29 ` Jan Engelhardt
2006-09-28 20:29 ` dave
0 siblings, 1 reply; 4+ messages in thread
From: Jan Engelhardt @ 2006-09-28 8:29 UTC (permalink / raw)
To: Lucas Diaz; +Cc: netfilter
> I use kernel 2.4.x.
> I need to do port forwarding to a remote host AND to
> pass these packets to a local application.
>
> I used the DNAT feature in iptables and it does the
> port forwarding. But the issue is that these forwarded
> packets are unreachable to local application.
Of course, you just changed the IP address to something else than your
own box. With DNAT, you explicitly 'give' up the connection for the
local host.
>
> Any tips about proper iptables' rules to accomplish both?
Apart from writing your own target extensions, I know of none. Might use
ipt_ROUTE as a base, it contains a --tee option.
Jan Engelhardt
--
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: port forwarding AND local application consumption...
2006-09-28 8:29 ` Jan Engelhardt
@ 2006-09-28 20:29 ` dave
2006-09-28 20:33 ` dave
0 siblings, 1 reply; 4+ messages in thread
From: dave @ 2006-09-28 20:29 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
I use redhat kernel 2.4.x and looks like I need to
rebuild the kernel if I want to use ROUTE target?
None of the iptables' rpms for fedora/redhat distro
contain libipt_ROUTE.so.
What is best way to incorporate ROUTE target in
my situation?
-D
--- Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
> > I use kernel 2.4.x.
> > I need to do port forwarding to a remote host AND
> to
> > pass these packets to a local application.
> >
> > I used the DNAT feature in iptables and it does
> the
> > port forwarding. But the issue is that these
> forwarded
> > packets are unreachable to local application.
>
> Of course, you just changed the IP address to
> something else than your
> own box. With DNAT, you explicitly 'give' up the
> connection for the
> local host.
>
> >
> > Any tips about proper iptables' rules to
> accomplish both?
>
> Apart from writing your own target extensions, I
> know of none. Might use
> ipt_ROUTE as a base, it contains a --tee option.
>
>
> Jan Engelhardt
> --
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: port forwarding AND local application consumption...
2006-09-28 20:29 ` dave
@ 2006-09-28 20:33 ` dave
0 siblings, 0 replies; 4+ messages in thread
From: dave @ 2006-09-28 20:33 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
Here is the related Bugzilla who direct the needed
ones to netfilter!
Bugzilla Bug 145642: iptables ROUTE target does not
work
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145642#c3
-D
--- dave <ceek63@yahoo.com> wrote:
>
> I use redhat kernel 2.4.x and looks like I need to
> rebuild the kernel if I want to use ROUTE target?
>
> None of the iptables' rpms for fedora/redhat distro
> contain libipt_ROUTE.so.
>
> What is best way to incorporate ROUTE target in
> my situation?
>
> -D
>
>
> --- Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
>
> > > I use kernel 2.4.x.
> > > I need to do port forwarding to a remote host
> AND
> > to
> > > pass these packets to a local application.
> > >
> > > I used the DNAT feature in iptables and it does
> > the
> > > port forwarding. But the issue is that these
> > forwarded
> > > packets are unreachable to local application.
> >
> > Of course, you just changed the IP address to
> > something else than your
> > own box. With DNAT, you explicitly 'give' up the
> > connection for the
> > local host.
> >
> > >
> > > Any tips about proper iptables' rules to
> > accomplish both?
> >
> > Apart from writing your own target extensions, I
> > know of none. Might use
> > ipt_ROUTE as a base, it contains a --tee option.
> >
> >
> > Jan Engelhardt
> > --
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-09-28 20:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-09-27 20:55 port forwarding AND local application consumption Lucas Diaz
2006-09-28 8:29 ` Jan Engelhardt
2006-09-28 20:29 ` dave
2006-09-28 20:33 ` dave
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.