[Firehol-support] Re: firehol port forwarding

Daniel Pittman daniel at rimspace.net
Sun Jul 25 00:38:12 BST 2004


On 25 Jul 2004, techHome at acn.gr wrote:
> I also have a forwarding issue. The subnet on my eth1 (LAN) side is
> 10.0.0.0 and I want to forward all incoming connections at my server in
> port ..say.. 3333 to port 3333 on another computer on the Local Lan,
> however this doesn't seem to work:
>
> nat redirect-to 3333 inface eth1 src 10.0.0.25/24 proto tcp dport 3333

If I understand correctly, you want to NAT packets from one machine on a
LAN to another machine on the same LAN, right?

This is discussed here:
<http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html>

Basically, this will not work right without additional work, because of
the way packet paths are resolved.


When a machine wants to send a packet from 10.0.0.1 to 10.0.0.15, and
that network is on the same subnet, it does an 'arp' for the machine
holding the address, then sends the packet direct to that machine.

NAT only works when *both* directions of a connection pass through the
NAT machine.

    Daniel

-- 
If there really is a God who created the entire universe with all of its
glories, and He decides to deliver a message to humanity, He will not use, as
His messenger, a person on cable TV with a bad hairstyle.
        -- Dave Barry
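
The packet paths described in the reply above, as an added example that is not part of the original post: a small Python model of one TCP handshake through a DNAT rule when client and target share a subnet, with and without an extra source-NAT rule on the firewall (one common form of the "additional work"). The firewall address 10.0.0.1, the target 10.0.0.15 and the function names are assumptions made for illustration.

```python
"""Toy model of DNAT onto the same subnet; addresses are assumed, not from a real host."""
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/24")
CLIENT, FIREWALL, TARGET = "10.0.0.25", "10.0.0.1", "10.0.0.15"
PORT = 3333


def next_hop(dst):
    """On-link destinations are ARPed for and reached directly; others go via the gateway."""
    return dst if ipaddress.ip_address(dst) in LAN else FIREWALL


def connect(snat):
    """Trace one SYN / SYN-ACK exchange; return (path, accepted_by_client)."""
    path = []
    # The client sends to the firewall's address, the only one it knows for the service.
    syn = {"src": CLIENT, "dst": FIREWALL, "dport": PORT}
    path.append(f"{syn['src']} -> {syn['dst']}:{PORT} SYN")
    # The firewall DNATs to the real target and records the mapping (connection tracking).
    fwd = dict(syn, dst=TARGET)
    if snat:
        fwd["src"] = FIREWALL  # extra SNAT: the target now sees the firewall as its peer
    path.append(f"{fwd['src']} -> {fwd['dst']}:{PORT} SYN (after NAT)")
    # The target replies to whatever source address it saw.
    reply = {"src": TARGET, "dst": fwd["src"]}
    if next_hop(reply["dst"]) == FIREWALL:
        # The reply reaches the firewall, which reverses both translations.
        path.append(f"{TARGET} -> {FIREWALL} SYN-ACK, rewritten to {FIREWALL} -> {CLIENT}")
        reply = {"src": FIREWALL, "dst": CLIENT}
    else:
        path.append(f"{reply['src']} -> {reply['dst']} SYN-ACK (direct, bypasses firewall)")
    # The client only accepts a SYN-ACK from the address it sent the SYN to.
    accepted = reply["src"] == syn["dst"] and reply["dst"] == CLIENT
    return path, accepted


if __name__ == "__main__":
    for snat in (False, True):
        path, ok = connect(snat)
        print(f"SNAT on firewall: {snat}")
        for step in path:
            print("   ", step)
        print("    client accepts reply:", ok)
```

Without the source-NAT step the SYN-ACK arrives at the client from 10.0.0.15, an address it never contacted, so the handshake never completes.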




