
[LARTC] Re: Troubles DNATing UDP

To: dAm2K <dam2000@gmail.com>
Subject: [LARTC] Re: Troubles DNATing UDP
From: Покотиленко Костик <casper@meteor.dp.ua>
Date: Mon, 13 Nov 2006 09:23:33 +0200
Cc: lartc@mailman.ds9a.nl
List-id: "Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
Organization: СК "Метеор"
Reply-to: casper@meteor.dp.ua

On Fri, 10/11/2006 at 16:39 +0100, dAm2K wrote:
> > > Once again, all those packets reach the INPUT chain; rules in -t nat -I
> > > PREROUTING are not working.
> > >
> > > So here is the question: Is UDP being DNAT'ed differently
> > > compared with TCP? What is the difference? How can I DNAT them?
> 
> If your HW UDP pinger's default gateway is your natting firewall, try
> to ping the 192.168.1.2 web server directly. If the default gateway is
> another router, try adding the route 192.168.1.0/25 to your HW pingers
> and ping 192.168.1.2 directly.

That would probably help, but it is not desirable. The topology may
change, so it's better to ping the closest router and do the NATing in it.

> If this is not possible (and you are UDP pinging your firewall), open
> dport 4000 udp in the INPUT chain on your firewall and do natting:
> 
> iptables -t filter -A INPUT -p udp -m udp -s 10.10.0.0/16 -d 10.10.100.1 --dport 4000 -j ACCEPT
> iptables -t nat -A PREROUTING -p udp -m udp -s 10.10.0.0/16 -d 10.10.100.1 --dport 4000 -j DNAT --to-destination 192.168.1.2
> 
> This way 192.168.1.2 host should receive udp packets coming from the firewall.

This is what I've done. But packets are reaching the INPUT chain, the counters
of the first rule are increasing, and packets are not reaching the second
rule; its counters are zero all the time. And DNAT'ing is not working :/

> My setup is running smoothly with UDP and NAT; I'm using it with
> PlayStation online games...
> 
> Hope this helps. Bye, Dino.
> 
-- 
Покотиленко Костик <casper@meteor.dp.ua>
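
The symptom reported in this message (the INPUT rule's counters increasing while the PREROUTING DNAT rule stays at zero) can be checked mechanically from `iptables-save -c` output. This is an added example, not part of the original thread; the function names, the sample ruleset and its counter values are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c` output reproducing the symptom:
# the filter/INPUT rule counts packets, the nat/PREROUTING DNAT rule does not.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -s 10.10.0.0/16 -d 10.10.100.1/32 -p udp -m udp --dport 4000 -j DNAT --to-destination 192.168.1.2
COMMIT
*filter
:INPUT ACCEPT [0:0]
[1842:58944] -A INPUT -s 10.10.0.0/16 -d 10.10.100.1/32 -p udp -m udp --dport 4000 -j ACCEPT
COMMIT
EOF
}

# Read `iptables-save -c` output on stdin and print "proto dport" for every
# DNAT rule in nat/PREROUTING whose packet counter is 0 while a filter/INPUT
# rule for the same protocol and destination port has counted packets.
find_bypassed_dnat() {
    awk '
    /^\*/ { table = substr($1, 2); next }           # "*nat", "*filter", ...
    /^\[/ {                                         # "[pkts:bytes] -A CHAIN ..."
        split(substr($1, 2), c, ":"); pkts = c[1] + 0
        chain = $3; proto = ""; dport = ""; target = ""
        for (i = 4; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        key = proto " " dport
        if (table == "nat" && chain == "PREROUTING" && target == "DNAT" && pkts == 0)
            idle[key] = 1
        if (table == "filter" && chain == "INPUT" && pkts > 0)
            hit[key] = 1
    }
    END { for (k in idle) if (k in hit) print k }
    '
}

# Stand-alone run on the constructed sample; on a firewall, use:
#   iptables-save -c | find_bypassed_dnat
sample_ruleset | find_bypassed_dnat
```

A flow flagged this way is being delivered locally without ever matching the DNAT rule. One common cause is an existing conntrack entry for the flow, since netfilter consults the nat table only for the first packet of a connection; `conntrack -L -p udp --dport 4000` lists such entries.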
