
Thread: Re: iptables NAT routing issues




Re: iptables NAT routing issues
Netherlands
2007-05-10 09:21:56
Pascal Hambourg wrote:
> Use the outer box as a gateway, if it is in the same network. You do
> not have to use it as the default gateway for all traffic but at least
> for the HTTP return traffic. This could be done with iptables and
> advanced routing on the web server, for instance using the source port
> 80 to MARK packets or using CONNMARK/connmark.
I wasn't aware of that option, it seems to work fine 

Thanks.
>
> You could try to use the NOTRACK target on the web server in order to
> prevent the incoming SYN packets from creating a new connection, so
> the replies could be SNATed. But I would not bet a euro-cent on such a
> dirty method. If someone asks who suggested it, don't say it's me.
>



Re: iptables NAT routing issues
France
2007-05-10 14:31:10
Bas Verhoeven wrote:
> 
>> Use the outer box as a gateway, if it is in the same network. You do
>> not have to use it as the default gateway for all traffic but at least
>> for the HTTP return traffic. This could be done with iptables and
>> advanced routing on the web server, for instance using the source port
>> 80 to MARK packets or using CONNMARK/connmark.
> 
> I wasn't aware of that option, it seems to work fine


Which option did you choose?

> Thanks.

You're welcome.
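
The suggestion quoted in this thread (send the web server's HTTP return traffic through the outer box by marking packets with source port 80, or by using CONNMARK), written out as an added example that is not from either poster. The gateway address, MAC address, mark value and routing table number are constructed assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: policy-route HTTP replies from the web server via the outer (NAT) box.
# Addresses, mark value and table number below are constructed assumptions.
GW="${GW:-192.0.2.1}"      # outer box's address on the shared network (assumed)
MARK="${MARK:-0x50}"       # firewall mark for HTTP return traffic (assumed)
TABLE="${TABLE:-80}"       # extra routing table number (assumed)
MODE="${MODE:-sport}"      # sport = match source port 80; connmark = per-connection mark
OUTER_MAC="${OUTER_MAC:-02:00:00:00:00:01}"  # outer box MAC, connmark mode only (assumed)

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    [ "${APPLY:-0}" = "1" ] || return 0
    "$@"
}

setup_http_return_route() {
    case "$MODE" in
    sport)
        # Mark every locally generated packet leaving from TCP port 80.
        run iptables -t mangle -A OUTPUT -p tcp --sport 80 \
            -j MARK --set-mark "$MARK"
        ;;
    connmark)
        # Mark only connections that arrived through the outer box, then
        # copy the connection mark onto each reply packet (needs conntrack).
        run iptables -t mangle -A PREROUTING -p tcp --dport 80 \
            -m mac --mac-source "$OUTER_MAC" -j CONNMARK --set-mark "$MARK"
        run iptables -t mangle -A OUTPUT -p tcp --sport 80 \
            -j CONNMARK --restore-mark
        ;;
    *)
        echo "unknown MODE: $MODE" >&2
        return 1
        ;;
    esac
    # Marked packets consult a table whose only route is the outer box;
    # all other traffic keeps using the normal default gateway.
    run ip route add default via "$GW" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE"
}

setup_http_return_route
```

In sport mode every reply from port 80 goes via the outer box, including replies to clients that reached the server directly; connmark mode limits this to connections that actually came in through the outer box.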

