DNAT on first SYN ACK packet
I am trying to simply address translate TCP packets from one destination IP to another destination IP (DNAT?) without getting the initial SYN packet. Is this possible? I do not think it is with DNAT since the conntrack needs SYN first.
I have given the command:

sudo /sbin/iptables -p tcp -s 100.100.13.13 --sport 5001 -t nat -A PREROUTING -j DNAT --to-destination 192.168.99.13

The problem is that the first packet that matches this rule will be the SYN-ACK and I suspect it is simply DROPPED. I am sparing you the gory details of why I would do such a silly thing, but simply put: I need to intercept client-to-server packets through a tunnel, but allow server-to-client packets to follow through the regular network. I have been working on this for many days w/o success and my learning curve is still steep. I can provide more details as needed. Thanks...
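To make the poster's suspicion concrete, here is an added toy model of a connection tracker, written for this thread and not taken from the post or from the Linux netfilter sources. It simplifies conntrack down to one rule of thumb: a NAT binding is created only when the first packet seen for a flow is a pure SYN, the nat PREROUTING rules are consulted only for that packet, and any other packet with no binding is classified INVALID and left untranslated. The server address 100.100.13.13, port 5001 and the DNAT target 192.168.99.13 come from the post; the client address 10.0.0.5, the client port 40000 and the packet sequence are constructed for the example.

```python
"""Toy model of why a DNAT rule never fires on a SYN-ACK that opens a flow.

Simplified for illustration: not the kernel's nf_conntrack implementation.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

SYN = 0x02
ACK = 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


@dataclass(frozen=True)
class DnatRule:
    """Rough equivalent of `-s SRC --sport SPORT -j DNAT --to-destination TO`."""
    src: str
    sport: Optional[int]  # None matches any source port
    to_dst: str

    def matches(self, pkt: Packet) -> bool:
        return pkt.src == self.src and (self.sport is None or pkt.sport == self.sport)


FlowKey = Tuple[str, int, str, int]


class ToyConntrack:
    def __init__(self, rules: List[DnatRule]):
        self.rules = rules
        self.orig: Dict[FlowKey, str] = {}   # original-direction key -> translated dst
        self.reply: Dict[FlowKey, str] = {}  # reply-direction key -> original dst

    def process(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Return (conntrack state, translated packet or None if untranslated)."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.orig:
            return "ESTABLISHED", replace(pkt, dst=self.orig[key])
        if key in self.reply:
            # reply from the DNAT target: restore the address the peer expects
            return "ESTABLISHED", replace(pkt, src=self.reply[key])
        if not (pkt.flags & SYN) or (pkt.flags & ACK):
            # SYN-ACK, bare ACK or data with no tracked flow: no binding is created
            return "INVALID", None
        # pure SYN: first packet of a new flow; nat PREROUTING consulted exactly once
        new_dst = pkt.dst
        for rule in self.rules:
            if rule.matches(pkt):
                new_dst = rule.to_dst
                break
        self.orig[key] = new_dst
        self.reply[(new_dst, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
        return "NEW", replace(pkt, dst=new_dst)


SERVER, CLIENT, TUNNEL = "100.100.13.13", "10.0.0.5", "192.168.99.13"  # CLIENT is constructed


def demo() -> List[Tuple[str, Optional[str]]]:
    """Run the two constructed scenarios and report (state, 'src->dst') per packet."""
    results: List[Tuple[str, Optional[str]]] = []

    # Scenario 1: the rule from the post, matching the server's replies.
    # The first packet it could ever see is the server's SYN-ACK.
    ct = ToyConntrack([DnatRule(SERVER, 5001, TUNNEL)])
    state, out = ct.process(Packet(SERVER, 5001, CLIENT, 40000, SYN | ACK))
    results.append((state, f"{out.src}->{out.dst}" if out else None))

    # Scenario 2: a rule matching the direction that carries the SYN.
    ct2 = ToyConntrack([DnatRule(CLIENT, None, TUNNEL)])
    state, out = ct2.process(Packet(CLIENT, 40000, SERVER, 5001, SYN))
    results.append((state, f"{out.src}->{out.dst}"))
    # The DNAT target's SYN-ACK is the reply direction and is un-translated.
    state, out = ct2.process(Packet(TUNNEL, 5001, CLIENT, 40000, SYN | ACK))
    results.append((state, f"{out.src}->{out.dst}"))
    return results


if __name__ == "__main__":
    for state, flow in demo():
        print(state, flow)
```

In scenario 1 the SYN-ACK arrives with no binding and is classified INVALID, so the rule is never consulted and nothing is translated; in scenario 2 the SYN creates the binding, the rule is applied once, and the reply is rewritten back automatically. Running it prints `INVALID None`, `NEW 10.0.0.5->192.168.99.13` and `ESTABLISHED 100.100.13.13->10.0.0.5`.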
Thanks for the post.
However I am not sure how it relates to NAT and my initial question / problem. It talks about telnet, tftp, and configuring cisco routers. Perhaps I missed something in the details. If you could elaborate on how it relates to NAT, that would be great. Thanks.