On Tue, 18 Oct 2005, Pascal Bleser wrote:

> Joseph Mack NA3T wrote:
>> On Tue, 4 Oct 2005, Pascal Bleser wrote:
>>> Now I use a simple TCP forwarder, rinetd.
>> hadn't heard of this. Had a look on Boutell's page. For the HOWTO, how
>> is this better than some iptables rules?
>
> Hi Joe, sorry for the very late reply.

no problem. computers just sit there till a problem is
fixed. It's not like biology where the object of interest
is dead if you don't do something right away. I used to
be a biochemist and you could never leave an experiment.

> I do have some experience with iptables and have set up some custom
> firewall scripts with it, but I'm not aware of how I could actually
> rewrite both the source (SNAT) and destination (DNAT) addresses.

yes a problem.

> I could try, though, but the only way I can see as of now is to have
> both an SNAT and a DNAT rule, the first in POSTROUTING, the latter in
> PREROUTING or OUTPUT.

sounds mathematically impossible :-)

can you make the machine in the middle into a bridge for
packets on the LVS network (I don't know if you can do that
- proxy arp perhaps?). Since you already have a working
solution, I can't see any reason to put much more effort
into it.

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!