[Firehol-support] Re: firehol port forwarding

Daniel Pittman daniel at rimspace.net
Sun Jul 25 00:38:12 BST 2004

On 25 Jul 2004, techHome at acn.gr wrote:
> I also have a forwarding issue. The subnet on my eth1 (LAN) side is
> and I want to forward all incoming connections at my server in
> port ..say.. 3333 to port 3333 on another computer on the local LAN,
> however this doesn't seem to work:
> nat redirect-to 3333 inface eth1 src proto tcp dport 3333

If I understand correctly, you want to NAT packets from one machine on a
LAN to another machine on the same LAN, right?

This is discussed here:

Basically, this will not work right without additional work, because of
the way packet paths are resolved.

When a machine wants to send a packet from to, and
that network is on the same subnet, it does an 'arp' for the machine
holding the address, then sends the packet direct to that machine.

NAT only works when *both* directions of a connection pass through the
NAT machine.
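
The asymmetric path described above, traced in a small Python model (an added example, not part of the original message). The addresses, the client port and the `snat` option, which stands in for one common form of the extra work by also rewriting the source address on the NAT machine, are assumptions of the example.

```python
import ipaddress

# Constructed documentation-range addresses; the post's own are not shown.
LAN = ipaddress.ip_network("192.0.2.0/24")
CLIENT, NAT_BOX, SERVER = "192.0.2.10", "192.0.2.1", "192.0.2.20"
PORT = 3333

def next_hop(dst):
    """On-link destinations are ARPed for and reached directly, not via the router."""
    return dst if ipaddress.ip_address(dst) in LAN else NAT_BOX

def connect(snat):
    """Trace a TCP SYN and its reply; return (client_accepts_reply, reply_path)."""
    conntrack = {}
    # The client opens a connection to the NAT machine's address.
    syn = {"src": CLIENT, "sport": 40000, "dst": NAT_BOX, "dport": PORT}
    expected_peer = (syn["dst"], syn["dport"])  # the client's socket only knows this peer
    # NAT machine: rewrite the destination (DNAT); optionally the source too (assumed fix).
    fwd = dict(syn, dst=SERVER)
    if snat:
        fwd["src"] = NAT_BOX
    conntrack[(fwd["src"], fwd["sport"], fwd["dst"], fwd["dport"])] = syn
    # The server answers whatever source address it saw.
    reply = {"src": SERVER, "sport": PORT, "dst": fwd["src"], "dport": fwd["sport"]}
    hop = next_hop(reply["dst"])
    path = [SERVER, hop]
    if hop == NAT_BOX:
        # Only a reply that reaches the NAT machine gets its addresses translated back.
        orig = conntrack[(reply["dst"], reply["dport"], reply["src"], reply["sport"])]
        reply = {"src": orig["dst"], "sport": orig["dport"],
                 "dst": orig["src"], "dport": orig["sport"]}
        path.append(reply["dst"])
    # The client matches the reply against the peer it connected to.
    accepted = (reply["src"], reply["sport"]) == expected_peer
    return accepted, path

if __name__ == "__main__":
    for snat in (False, True):
        ok, path = connect(snat)
        print(f"snat={snat}: reply path {' -> '.join(path)}, client accepts: {ok}")
```

With destination rewriting alone, the reply goes straight from the server to the client carrying the server's address, so it matches no connection the client opened.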


