iptables OUTPUT SNAT
David Tok
theo na coolnet.cz
Pondělí Leden 28 13:40:45 CET 2002
On 28 Jan 2002, Tomas Cermak wrote:
:ou, mate pravdu, je tam :-)
:nicmene zpet k otazce. Podle mne to nejde. SNAT se da
:delat jen v POSTROUTING kanalu a DNAT v PREROUTING.
:Alespon tak chapu vetu z NAT-HOWTO
:
:"6.1 Source NAT
:... different. This is done in the POSTROUTING chain,
:just before it is finally..."
:
:a
:
:"6.2 Destination NAT
:
: This is done in the PREROUTING chain, just as the..."
Samozrejme, me slo pouze to, ze packet putuje "nat" retezci:
PREROUTING -> POSTROUTING - pokud pouze prochazi a neni urcen pro pocitac
na kterem se toto deje a
OUTPUT -> POSTROUTING - pokud je to odchozi packet. To znamena, ze i kdyz
v OUTPUT snat nastavite, tak se to pokazi na masq. ktera se deje v
POSTROUTINGu, protoze masq. prave meni zdrojove IP a port.
Mysli, ze by mohlo pomoct ip (parametr from) a advanced routing.
-- david tok
Další informace o konferenci Linux