c******n Posts: 4965 | 1
[The following text is reposted from the Linux board]
From: creation (working hard on freestyle 50m/45sec!), Board: Linux
Subject: Re: how to do this iptables setup?
Posted at: BBS 未名空间站 (Fri Sep 16 20:55:09 2011, US Eastern)
but here's what I don't understand:
I checked the packets in wireshark.
the first packet sent out by client is REAL_IP_OF_CLIENT_BOX to 127.0.0.1
I thought according to the tutorial http://www.frozentux.net/iptables-tutorial/images/tables_traverse.jpg
after DNAT changes the dest IP, it goes through another routing decision, so
at this step it should be set to the lo interface, so MASQUERADE should set
its source to be 127.0.0.1 ???
also wireshark shows that the return ip is $EXTERNAL_BOX_IP to REAL_IP_OF_CLIENT_BOX,
this is fine. but how is my application able to receive this
packet in its TCP connection? my sshd is listening on localhost only, but
the packet is addressed to REAL_IP_OF_CLIENT_BOX
my ssh client opens a TCP connection to $EXTERNAL_BOX_IP, so the tcp
connection expects to
-j

c******n Posts: 4965 | 2
anybody familiar with network layer could help me out?
Thanks

n****I Posts: 731 | 3
Not ask me!