What I'm trying to do is this. Let's say I have some service that runs on port 101 (hypothetically).

I want to continue to run it on that port internally, but I want to relocate it on my external interface because I'm tired of it being port-scanned, and it's not a particularly secure service. So I run my relocated service externally on port 10100, internally on 101... and block packets sent directly to the external interface on port 101.

What I want to do is this. If a connection comes in for TCP/10100 on my external interface, I want to (a) --setmark the packet, and (b) -j DNAT --to-destination 101 on it.

Then separately, if a packet is for TCP/101 and it came in on my external interface: (a) accept it if it's marked (i.e. it had been reNATted), (b) reject it if it isn't marked (i.e. it hasn't been reNATted from TCP/10100).

Simple, right?

-Philip

Lachlan Dunlop wrote:
> Hi Phillip,
>
> I am on the way out the door. But if you want to send me (or the
> list) the parameters, I would like to take a look for you tomorrow am.
>
> Lach
>
> On Sun, Dec 21, 2008 at 7:42 PM, Philip A. Prindeville
> <philipp_s...@redfish-solutions.com> wrote:
>
>     Shot in the dark, but anyone on the list really good at iptables?
>
>     I've been trying to figure out how to do something and it's simple
>     enough... but not obvious how to do it.
>
>     I'm trying to get this functionality into trunk, but haven't been
>     able to.
>
>     Thanks,
>
>     -Philip

------------------------------------------------------------------------------
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
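The four rules Philip describes, written out as an added example; this is not code from the thread or from AstLinux. It assumes a hypothetical external interface eth0, a service listening locally on TCP/101 (so the filter rules go in INPUT; a service on another host would use FORWARD and a DNAT target of ADDRESS:101 instead), and an otherwise unused mark value 0x65. The one detail the mail glosses over is where the mark is set: the MARK target belongs in the mangle table, which runs before nat PREROUTING (so --dport 10100 still matches) and, unlike the nat table, is traversed by every packet of a connection rather than only the first, so the filter table sees the mark on every packet.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): expose a TCP service on a
# different external port and use a packet mark so the filter table can tell
# re-NATted connections from packets aimed straight at the real port.
#
# Hypothetical values: external interface eth0, real service port 101,
# public port 10100, mark 0x65. Set IPT=echo to print rules instead of
# loading them (useful for review on a box without iptables or root).

relocate_service_rules() {
    ext_if=$1      # external interface, e.g. eth0
    pub_port=$2    # port exposed to the outside, e.g. 10100
    svc_port=$3    # port the service actually listens on, e.g. 101
    mark=$4        # packet mark meaning "arrived on pub_port", e.g. 0x65
    ipt=${IPT:-iptables}

    # (a) Mark in mangle/PREROUTING: it runs before nat/PREROUTING, so the
    # destination port is still pub_port here, and every packet of the
    # connection passes through it (nat only sees the first packet).
    $ipt -t mangle -A PREROUTING -i "$ext_if" -p tcp --dport "$pub_port" \
        -j MARK --set-mark "$mark"

    # (b) Rewrite the destination port; ":port" keeps the destination address.
    $ipt -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination ":$svc_port"

    # After DNAT the filter table sees dport == svc_port for both re-NATted
    # traffic and packets sent directly to svc_port; only the mark differs.
    $ipt -A INPUT -i "$ext_if" -p tcp --dport "$svc_port" \
        -m mark --mark "$mark" -j ACCEPT
    $ipt -A INPUT -i "$ext_if" -p tcp --dport "$svc_port" \
        -j REJECT --reject-with tcp-reset
}

# Usage (as root):  relocate_service_rules eth0 10100 101 0x65
# Dry run:          IPT=echo relocate_service_rules eth0 10100 101 0x65
```

The REJECT rule must come after the ACCEPT rule, and both should sit before any broad "allow established" rule that would otherwise admit the directly-addressed packets first. Check the result with `iptables -t mangle -L PREROUTING -v` and `iptables -L INPUT -v` while connecting to 10100 and to 101 from outside: only the 10100 connection should increment the ACCEPT counter.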