Re: [Jwall-developers] problems with nat
From: <jw...@sc...> - 2003-11-22 21:10:58
Hello zack,

On Tue, 18 Nov 2003 00:59:43 -0500 zack <za...@th...> wrote:

> So, I am thinking this through a bit, and I wanted to pass it by you
> before I go ahead and code it...
>
> So here are some example rules with port address translation, with what
> goes into the PRE and POST chains after
>
> Src Dest Serv <-Xlated-> Src Dest Serv
> ---------------------------------------------------
>
> SNAT:
> A B 80 <-Xlated-> A2 B 443
>
> PRE:
> match A -> B -> 80 --> NAT: 80 to 443
> POST:
> match A -> B -> 443 --> NAT: A to A2

looks good.

> ---------------------------------------------------
>
> DNAT:
> A B 80 <-XLated-> A B2 443
>
> PRE:
> match A -> B -> 80 --> NAT: B to B2, 80 to 443

also looks good.

> ----------------------------------------------------
>
> SNAT and DNAT:
> A B 80 <-XLated-> A2 B2 443
>
> PRE:
> match A -> B -> 80 --> NAT: B to B2, 80 to 443
> POST:
> match A -> B2 -> 443 --> NAT: A to A2

looks good.

> ----------------------------------------------------
>
> So, for a sanity check, does this make sense to you? Any suggestions?

In the actual coding regarding nat there is an error. The POSTROUTING has
a destination address "172.16.0.2:23" instead of destination "172.16.0.2"
and destination port "23".

Jörg

--
Jörg Schütter http://www.lug-untermain.de/
jo...@sc... http://www.schuetter.org/joerg/
ICQ: 298982789 http://mypenguin.bei.t-online.de/
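The PRE/POST split discussed in this message, written out as an added example (not part of the original e-mail and not jwall's own code). It assumes the rules are emitted as iptables commands for TCP; `nat_rules` and `has_glued_port` are hypothetical helper names, and all addresses except 172.16.0.2 and port 23 are constructed. The second function flags the malformed match the reply reports, where the port is glued onto the `-d` address.

```shell
#!/bin/sh
# Print (never execute) iptables NAT rules for one translation rule.
# Args: src dst dport xsrc xdst xdport   (TCP assumed; sample values constructed)
nat_rules() {
    src=$1 dst=$2 dport=$3 xsrc=$4 xdst=$5 xdport=$6

    # PRE: any change of destination address or port is done here (DNAT).
    if [ "$dst" != "$xdst" ] || [ "$dport" != "$xdport" ]; then
        echo "iptables -t nat -A PREROUTING -p tcp -s $src -d $dst --dport $dport -j DNAT --to-destination $xdst:$xdport"
    fi

    # POST: source change (SNAT). The packet already carries the translated
    # destination, so the match uses xdst/xdport. Address and port are
    # separate match options: -d takes the address, --dport the port.
    if [ "$src" != "$xsrc" ]; then
        echo "iptables -t nat -A POSTROUTING -p tcp -s $src -d $xdst --dport $xdport -j SNAT --to-source $xsrc"
    fi
}

# Succeed (return 0) if the argument of -s or -d contains "addr:port",
# the malformed match form reported in the reply. IPv4 rules only.
has_glued_port() {
    prev=
    for w in $1; do
        case "$prev" in
            -s|-d) case "$w" in *:*) return 0 ;; esac ;;
        esac
        prev=$w
    done
    return 1
}

# "SNAT and DNAT" case from the thread: A B 80 <-Xlated-> A2 B2 23
nat_rules 10.0.0.5 172.16.0.1 80 192.0.2.10 172.16.0.2 23
```

The `addr:port` form remains valid in the `--to-destination` target argument; it is only the `-d` match that must be split into address and `--dport`.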