Thursday, July 15, 2010

Re: DNAT: forwarding all ports to a host

Hello,

green a écrit :
>
> # iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.2.10
>
> But what affect does this have on ESTABLISHED,RELATED connections?

Absolutely none.

> Does this
> interfere with, say, a reply from google.com:80 to network host 192.168.2.99?

No. Only the first packet of a new connection (i.e. the first one in the
state NEW) goes through the 'nat' rules. Existing connections are not
affected by 'nat' rules.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4C3F7934.50503@plouf.fr.eu.org

No comments:

Post a Comment