[lug] Iptables
David L. Anselmi
anselmi at anselmi.us
Fri Aug 4 17:00:35 MDT 2006
Dan Ferris wrote:
> Hello list,
>
> I have the following in an iptables setup:
> Chain PREROUTING (policy ACCEPT 41 packets, 4193 bytes)
>  pkts bytes target  prot opt in  out  source      destination
>     0     0 DNAT    all  --  *   *    0.0.0.0/0   204.184.20.221  to:10.2.253.21
So it looks like packets are hitting the chain, just not matching a
rule. What command did you use to set these up (one DNAT and
corresponding SNAT should do)?
You don't have to SNAT every IP. Just masquerading everything will work
(and applies to connections initiated by the servers--DNAT should take
care of both directions for incoming connections). In fact, maybe
attacking one rule for one server at a time would help.
I assume the firewall has aliases for all the 204.x addresses on its
outside interface.
Dave
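An added example, not code from the thread, of the setup Dave sketches: one DNAT per public address plus a single MASQUERADE, the matching FORWARD rule, and a re-read of the counters to confirm the rule now matches. WAN_IF, the /32 alias prefix and the dry-run switch are assumptions; the addresses are the ones from Dan's output.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumed: WAN_IF is the
# outside interface; DRY_RUN=1 prints the commands instead of running them.
WAN_IF="${WAN_IF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

# Print or execute a command depending on DRY_RUN.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    vi_ifs=$IFS; IFS=.; set -- $1; IFS=$vi_ifs
    for vi_o in "$@"; do [ "$vi_o" -le 255 ] || return 1; done
}

# dnat_pair PUBLIC PRIVATE: alias the public address on the outside
# interface, rewrite inbound destinations to the inside server, and forward
# only that server's traffic. Conntrack un-NATs the replies, so no SNAT
# per server is needed.
dnat_pair() {
    valid_ipv4 "$1" && valid_ipv4 "$2" ||
        { echo "dnat_pair: bad address '$1' -> '$2'" >&2; return 1; }
    run ip addr add "$1/32" dev "$WAN_IF"     # assumed /32 alias; use the real prefix
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$1" \
        -j DNAT --to-destination "$2"
    run iptables -A FORWARD -i "$WAN_IF" -d "$2" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

nat_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    # One MASQUERADE covers everything leaving, including connections the
    # inside servers open themselves.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # One server at a time, as suggested above.
    dnat_pair 204.184.20.221 10.2.253.21
    # Re-read the counters: a rising pkts count on the DNAT line means it
    # matches; zero there while the chain policy count rises means it does not.
    run iptables -t nat -L PREROUTING -v -n
}

nat_setup
```

Run with DRY_RUN=0 as root on the firewall to apply the rules instead of printing them.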