[plug] forwarding packets

Russell Steicke r.steicke at bom.gov.au
Sat Feb 4 17:53:48 WST 2006


On Wed, Feb 01, 2006 at 08:25:59PM +0800, Jon Miller wrote:
> Russell,
> Thanks for the info
> The external is a static IP address.  Are you saying the external of
> the gateway server or the internet public IP address?  I ask
> because the external iface of the gateway server is in
> 192.168.100.xxx which connects to the cisco router ethernet iface.
> The external ip address of the router is static also.

You need to use whatever address is on the "outside" interface of the
box doing NAT.

> Just curious why POSTROUTING vs PREROUTING, from what I understand
> we are changing the source ip address after the routing has taken
> place and this will go out the external iface with a different
> (external iface) ip address.  So if the internal ip address was
> 192.168.1.143 it would go out the gateway server as 192.168.100.2
> and this would hit the c2821 router and change again from
> 192.168.100.2 to 203.161.xx.xx. Is this correct, just want to make
> sure this is fully understood.

Routing decisions are made based on the source address.  So here the
routing gets done, and then just as the packet is about to be sent,
the source address is changed, and then that translation is remembered
for the duration of each connection.

Your description above seems correct.

> Funny how different iptables works vs novell bordermanager.

I've never used bordermanager in an admin role, but I think that's
what claims to "enhance the user experience" at TAFE colleges.




-- 
Russell Steicke
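
The two-stage translation discussed in this thread, as an added example that is not part of the original message: a toy Python model of source NAT applied just before transmit, with the per-connection mapping used to send replies back. It is not netfilter code; `203.0.113.10` stands in for the router's elided public address, and `198.51.100.7` and the port numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class SnatBox:
    """Toy model of a box doing SNAT on its outside interface."""
    outside_ip: str
    forward: dict = field(default_factory=dict)    # flow -> outside port
    conntrack: dict = field(default_factory=dict)  # reply key -> original source

    def postrouting(self, pkt):
        """Rewrite the source as the packet leaves; remember it per connection."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.forward:
            port = pkt.sport  # keep the port unless another flow already uses it
            while (port, pkt.dst, pkt.dport) in self.conntrack:
                port += 1
            self.forward[flow] = port
            self.conntrack[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.outside_ip, self.forward[flow], pkt.dst, pkt.dport)

    def reply(self, pkt):
        """Undo the translation for a reply; no remembered flow means no delivery."""
        orig = self.conntrack.get((pkt.dport, pkt.src, pkt.sport))
        return None if orig is None else Packet(pkt.src, pkt.sport, *orig)

def round_trip(boxes, pkt):
    """Send pkt out through each NAT box in order, then walk the reply back in."""
    hops = [pkt]
    for box in boxes:
        pkt = box.postrouting(pkt)
        hops.append(pkt)
    back = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    for box in reversed(boxes):
        back = box.reply(back)
        if back is None:
            break
    return hops, back

if __name__ == "__main__":
    gateway = SnatBox("192.168.100.2")   # gateway server outside address (thread)
    router = SnatBox("203.0.113.10")     # placeholder for the c2821 public address
    hops, back = round_trip([gateway, router],
                            Packet("192.168.1.143", 51000, "198.51.100.7", 80))
    print([h.src for h in hops], "->", back)
```

An inbound packet that matches no remembered connection comes back as `None` from `reply()`, so a box doing only source NAT has nowhere to forward unsolicited traffic.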



