Because my ISP doesn't allow services running on port 80, I want to forward all traffic from the Internet that wants to reach my port 80 to another port on another box (it starts to be funny, isn't it?)
So I first tried to forward connections from inside the network to another box and I was successful... here is the first script:
# Rewrite the destination of HTTP connections so they land on 192.168.0.3
$IPTABLES -A PREROUTING -t nat -j DNAT -s 192.168.0.1 -p tcp --dport http --to-destination 192.168.0.3
# Rewrite the source of the server's replies (interface names are case-sensitive: eth0, not ETH0)
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.3 -o eth0 -j SNAT --to-source 192.168.0.1
This was working, so now I'm trying to do the same thing but for the traffic coming from the net. But I have a problem: since anyone can try to connect to me, I can't know where "the source" is that I want to return the traffic to...
Example:
$IPTABLES -A PREROUTING -t nat -j DNAT -s 0/0 -p tcp --dport http --to-destination 192.168.0.3
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.3 -o ppp0 -j SNAT --to-source ?.?.?.?
Now how can I know where to send back the traffic? Is there a special option to ask iptables to memorize the IP the traffic is coming from, to be able to send back the answer traffic later?
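As an added example (not part of the post above, and not the poster's script): a port-forwarding rule set for the setup described, where the gateway is the LAN's default router, WAN is ppp0, LAN is eth0 and the web server is 192.168.0.3 (all assumptions). It shows that conntrack remembers the client's address for DNAT'd connections, so the Internet case needs no "to-source" SNAT at all, and that source rewriting is only needed for the LAN-to-gateway case of the first script.

```shell
#!/bin/sh
# Added example, not the poster's script: publish a LAN web server on the
# gateway's WAN side without the "--to-source ?.?.?.?" SNAT the poster was after.
# Assumptions: this box is the LAN default gateway, WAN is ppp0, LAN is eth0,
# the server is 192.168.0.3, and net.ipv4.ip_forward=1 is already set.

# Emit the rules as text so they can be reviewed before being applied.
port_forward_rules() {
  wan="$1"; lan="$2"; target="$3"; port="$4"
  net="${target%.*}.0/24"   # the /24 the target lives in (assumption)

  # 1) Rewrite the destination of new connections arriving on the WAN side.
  #    conntrack stores the client's real address with the connection, so the
  #    server's replies are un-DNATed on the way out: no SNAT is needed here.
  echo "iptables -t nat -A PREROUTING -i $wan -p tcp --dport $port -j DNAT --to-destination $target"

  # 2) Allow only that forwarded flow plus its return traffic through FORWARD
  #    (assumes a default DROP policy), so the DNAT exposes nothing else.
  echo "iptables -A FORWARD -i $wan -o $lan -p tcp -d $target --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -i $lan -o $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

  # 3) The one case that does need source rewriting is the poster's first
  #    script: a LAN client connecting to the gateway's own address. The server
  #    would answer that client directly, bypassing the gateway and breaking the
  #    un-DNAT, so those flows are masqueraded to the gateway's LAN address.
  #    (--dst-type LOCAL matches any address owned by this box.)
  echo "iptables -t nat -A PREROUTING -i $lan -p tcp --dport $port -m addrtype --dst-type LOCAL -j DNAT --to-destination $target"
  echo "iptables -A FORWARD -i $lan -o $lan -p tcp -d $target --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -t nat -A POSTROUTING -o $lan -s $net -d $target -p tcp --dport $port -j MASQUERADE"
}

# Number of rules generated, for a quick sanity check.
rule_count() { port_forward_rules "$@" | wc -l | tr -d ' '; }

# Print the rule set for review (pipe into sh as root to apply).
port_forward_rules "${WAN_IF:-ppp0}" "${LAN_IF:-eth0}" "${TARGET:-192.168.0.3}" "${PORT:-80}"
```

Note that the rule in step 3 also redirects LAN clients away from any web service the gateway itself runs on that port, which is exactly what the first script did and is worth checking before applying.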