Subject: Re: is this a job for ipnat?
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 12/05/1999 02:19:37
>> [...packet-rewriting want...]
> This should work just fine with an ipnat rule like:
> rdr ppp0 port=23 -> port=7575 tcp
> (or
> rdr ppp0 port=23 -> port=7575 tcp
> if you actually want connections to to
> get redirected.
> )
Oh, it's possible to be that specific? Wonderful. And yes, I really
want to redirect .78.38 port 23 to .78.1 port 57575, not .78.1 port 23
to .78.1 port 7575 - if I'd wanted to redirect .78.1 port 23 when using
the serial-line netlink, I could have and would have. :-)
> And, since ipnat keeps track of the connections it is currently
> redirecting you will still be able to connect to port 7575 normally.
Oh, ick. I really don't want anything stateful; these connections
sometimes sit idle for long periods, and I don't want one to get killed
because the gateway box got rebooted.
It sounds as though ipnat does too much - I want its packet matching
and rewriting engine but not the rest of it. Is there some way to tell
it "don't keep state, just rewrite the packets"? I can easily enough
put rdr lines on both le0 and encap0 (saying ppp0 was a mistake, I now
realize - it's really encap0 that needs the rewriting; ppp0 sees only
the encapsulation "outer" packets) to rewrite packets in both
directions, if that's what it takes.
der Mouse
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
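
The trade-off discussed in this message, as an added toy model (not part of the original post and not ipnat's code): a two-rule stateless rewrite keeps working across a gateway reboot, but its reverse rule also rewrites replies belonging to clients that connected directly to port 7575. The addresses and client ports are constructed placeholders, since the post elides the real ones; the ports 23 and 7575 are taken from the quoted rule.

```python
# Constructed addresses: A is what clients connect to on port 23,
# B is the host actually listening on port 7575.
A, B = "192.0.2.38", "192.0.2.1"
CLIENT = "198.51.100.7"

def stateless_in(pkt):
    """Forward rule: dst A:23 -> B:7575, decided from the packet alone."""
    src, sport, dst, dport = pkt
    if (dst, dport) == (A, 23):
        return (src, sport, B, 7575)
    return pkt

def stateless_out(pkt):
    """Reverse rule: src B:7575 -> A:23, applied to every matching packet."""
    src, sport, dst, dport = pkt
    if (src, sport) == (B, 7575):
        return (A, 23, dst, dport)
    return pkt

class StatefulRedirect:
    """Redirect that remembers each redirected flow in a table."""
    def __init__(self):
        self.flows = set()  # (client address, client port) seen via A:23

    def inbound(self, pkt):
        src, sport, dst, dport = pkt
        if (dst, dport) == (A, 23):
            self.flows.add((src, sport))
            return (src, sport, B, 7575)
        return pkt

    def outbound(self, pkt):
        src, sport, dst, dport = pkt
        if (src, sport) == (B, 7575) and (dst, dport) in self.flows:
            return (A, 23, dst, dport)
        return pkt

def reply_after_reboot(stateful):
    """Reply on an established redirected flow after the gateway restarts."""
    reply = (B, 7575, CLIENT, 40000)
    if not stateful:
        return stateless_out(reply)
    gw = StatefulRedirect()
    gw.inbound((CLIENT, 40000, A, 23))  # flow set up before the reboot
    gw = StatefulRedirect()             # reboot: the flow table is empty
    return gw.outbound(reply)

def reply_to_direct_connection(stateful):
    """Reply to a client that connected straight to B:7575."""
    reply = (B, 7575, CLIENT, 40001)
    return StatefulRedirect().outbound(reply) if stateful else stateless_out(reply)
```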