[LARTC] Re: Troubles DNATing UDP

2006-11-12 Thread Покотиленко Костик
On Fri, 10/11/2006 at 16:39 +0100, dAm2K writes:
   Once again, all those packets reach the INPUT chain, rules in -t nat -I
   PREROUTING are not working.
  
   So here is the question: Is UDP being DNAT'ed differently
   compared with TCP? What is the difference? How can I DNAT them?
 
 If your HW UDP pinger's default gateway is your natting firewall, try
 to ping the 192.168.1.2 web server directly. If the default gateway is
 another router, try adding the route 192.168.1.0/25 to your HW pingers
 and ping 192.168.1.2 directly.

That would probably help, but it is not desirable. The topology may
change, so it's better to ping the closest router and to do the NAT in it.

 If this is not possible (and you are UDP pinging your firewall) open
 dport 4000 udp in the INPUT chain on your firewall and do the natting:
 
 # accept the UDP pings addressed to the firewall itself
 iptables -t filter -A INPUT -p udp -m udp -s 10.10.0.0/16 -d 10.10.100.1 --dport 4000 -j ACCEPT
 # rewrite the destination to the web server before the routing decision
 iptables -t nat -A PREROUTING -p udp -m udp -s 10.10.0.0/16 -d 10.10.100.1 --dport 4000 -j DNAT --to-destination 192.168.1.2
 
 This way 192.168.1.2 host should receive udp packets coming from the firewall.

This is what I've done. But packets are reaching the INPUT chain, the counters
of the first rule are increasing, and packets are not reaching the second
rule, its counters are zero all the time. And DNAT'ing is not working :/

 My setup is running smoothly with UDP and NAT, I'm using it with
 playstation online games...
 
 Hope this helps. Bye, Dino.
 
-- 
Покотиленко Костик [EMAIL PROTECTED]

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
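The rule set this thread is after, as an example added by the editor and not code from either message: the DNAT of the UDP pings on the firewall, the FORWARD rules the translated flow then needs, and the conntrack flush that accounts for a PREROUTING counter that stays at zero when the pinger was already sending before the DNAT rule existed (the nat table is only consulted for the first packet of a conntrack flow; a flow whose entry was created without a NAT mapping keeps going to INPUT until that entry is deleted or times out). Addresses and port are the thread's (10.10.0.0/16, 10.10.100.1, 192.168.1.2, UDP 4000); the run wrapper, the DRY_RUN switch, the script name dnat.sh and the use of conntrack-tools are assumptions, and the return path assumes 192.168.1.2 routes back through this firewall.

```shell
# Added example, not code from either message in this thread.
# Assumed values follow the thread: pingers in 10.10.0.0/16, the firewall's
# address 10.10.100.1, the web server 192.168.1.2, UDP port 4000.
PINGERS="${PINGERS:-10.10.0.0/16}"
FW_ADDR="${FW_ADDR:-10.10.100.1}"
TARGET="${TARGET:-192.168.1.2}"
PORT="${PORT:-4000}"

# run: execute a command, or only print it when DRY_RUN is set, so the
# rule set can be reviewed on a box without iptables or root.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# dnat_rules: DNAT in nat/PREROUTING happens before the routing decision,
# so a translated packet is forwarded (filter/FORWARD) and never delivered
# locally (filter/INPUT). No INPUT rule is needed for it.
dnat_rules() {
    run iptables -t nat -A PREROUTING -p udp -s "$PINGERS" -d "$FW_ADDR" \
        --dport "$PORT" -j DNAT --to-destination "$TARGET"
    # Pass only the translated flow: --ctstate DNAT matches packets whose
    # destination conntrack has rewritten.
    run iptables -t filter -A FORWARD -p udp -d "$TARGET" --dport "$PORT" \
        -m conntrack --ctstate DNAT -j ACCEPT
    # Replies from the web server cross FORWARD with source 192.168.1.2 and
    # are un-DNATed in POSTROUTING; this assumes the server routes back
    # through this firewall.
    run iptables -t filter -A FORWARD -p udp -s "$TARGET" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# flush_stale_flow: the nat table is consulted only for the first packet of
# a conntrack flow. A pinger that was already sending before the DNAT rule
# was added owns a conntrack entry with no NAT mapping, and every later
# packet follows that entry straight to INPUT while the PREROUTING counter
# stays at zero. Deleting the entry (conntrack-tools, assumed installed)
# makes the next packet NEW again; waiting out nf_conntrack_udp_timeout
# has the same effect.
flush_stale_flow() {
    run conntrack -D -p udp --orig-dst "$FW_ADDR" --dport "$PORT"
}

# show_counters: the check to run while the pinger is sending. The DNAT
# rule's pkts column must climb; if only an INPUT rule counts, the flow
# is still untranslated.
show_counters() {
    run iptables -t nat -L PREROUTING -v -n --line-numbers
    run conntrack -L -p udp --dport "$PORT"
}

case "${1:-}" in
    apply)   dnat_rules; flush_stale_flow ;;
    check)   show_counters ;;
    dry-run) DRY_RUN=1; dnat_rules; flush_stale_flow ;;
esac
```

Run "sh dnat.sh dry-run" to print the commands, "sh dnat.sh apply" as root on the firewall, then "sh dnat.sh check" while the pinger is sending; the PREROUTING rule's packet counter should now increase with each ping.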


[LARTC] Re: Troubles DNATing UDP

2006-11-10 Thread dAm2K

 Once again, all those packets reach the INPUT chain, rules in -t nat -I
 PREROUTING are not working.

 So here is the question: Is UDP being DNAT'ed differently
 compared with TCP? What is the difference? How can I DNAT them?


If your HW UDP pinger's default gateway is your natting firewall, try
to ping the 192.168.1.2 web server directly. If the default gateway is
another router, try adding the route 192.168.1.0/25 to your HW pingers
and ping 192.168.1.2 directly.
If this is not possible (and you are UDP pinging your firewall) open
dport 4000 udp in the INPUT chain on your firewall and do the natting:

# accept the UDP pings addressed to the firewall itself
iptables -t filter -A INPUT -p udp -m udp -s 10.10.0.0/16 -d 10.10.100.1 --dport 4000 -j ACCEPT
# rewrite the destination to the web server before the routing decision
iptables -t nat -A PREROUTING -p udp -m udp -s 10.10.0.0/16 -d 10.10.100.1 --dport 4000 -j DNAT --to-destination 192.168.1.2

This way 192.168.1.2 host should receive udp packets coming from the firewall.

My setup is running smoothly with UDP and NAT, I'm using it with
playstation online games...

Hope this helps. Bye, Dino.

--
dAm2K, you know I'm there!