On Friday 03 May 2002 5:53 pm, Alexander Newald wrote:

> Hello,
>
> I have a difficult ip (tcp) rewrite question (IPs are examples):
>
> Machine 1 123.123.123.123 ------------- internet
> Machine 2 213.213.213.213 ------------- internet
>
> I now want to make a rule to forward all traffic to 123.123.123.123:81 to
> 213.213.213.213:80. Machines 1 and 2 are not connected through a local
> network
> and get a timeout with requests from remote hosts to 123.123.123.123:81
> but can reach 213.213.213.213:80

Routing is your problem.

Because as you say, machine 1 and machine 2 are not connected through a local network, the reply packets have no reason to go back the way they came, so the reverse address translation will never happen.

Example:

Client on address 1.2.3.4 sends packet to 123.123.123.123:81, which gets destination NATted to 213.213.213.213:80, packet goes to that machine and is received.

Machine 213.213.213.213 then replies to the source address, which is 1.2.3.4, and the reply routes across the Internet in the normal way, without having to go back through 123.123.123.123.

Therefore client 1.2.3.4 sent a request to 123.123.123.123:81 and gets a response from 213.213.213.213:80, which it has no idea what to do with, and ignores.

You will find it virtually impossible to do what you want unless you start doing SNAT as well, which might destroy any useful IP addresses in your log files (but if you don't mind that, then this is your solution).

Antony.
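The packet flow described in the reply above, as an added example that is not part of the original message: a small Python model of machine 1 doing DNAT alone and DNAT plus SNAT. The client port 40000, the class and function names, and the assumption that SNAT keeps the source port are all illustrative.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

CLIENT, M1, M2 = "1.2.3.4", "123.123.123.123", "213.213.213.213"

class NatBox:
    """Model of machine 1: DNAT :81 -> M2:80, optionally SNAT to its own address."""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # expected reply tuple -> original packet

    def forward(self, pkt):
        out = pkt._replace(dst=M2, dport=80)      # destination NAT
        if self.snat:
            out = out._replace(src=M1)            # source NAT (port kept, assumed)
        # Remember what the reply will look like so both rewrites can be undone.
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def server_reply(pkt):
    """Machine 2 answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def run(snat):
    request = Packet(CLIENT, 40000, M1, 81)       # constructed sample request
    nat = NatBox(snat)
    at_server = nat.forward(request)
    reply = server_reply(at_server)
    # Normal Internet routing: the reply only crosses machine 1 if addressed to it.
    if reply.dst == M1:
        reply = nat.reverse(reply)
    # The client accepts a reply only from the address and port it connected to.
    expected = Packet(request.dst, request.dport, request.src, request.sport)
    return {
        "logged_src": at_server.src,              # what machine 2 writes to its logs
        "reply_from": f"{reply.src}:{reply.sport}",
        "accepted": reply == expected,
    }

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", run(snat))
```

With DNAT only the reply arrives from 213.213.213.213:80 and is dropped by the client; with SNAT it arrives from 123.123.123.123:81, but `logged_src` on machine 2 is now always machine 1's address.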
