Additionally you'll use bandwidth through host number 1 for all reply packets, which would take a more direct route with the other approaches. Using SNAT will lose the client IP, so host number 2 will think all connections came from 192.168.12.87.A rule could look like iptables -t nat -A OUTPUT -p tcp -sport 80 -j SNAT -to-source 192.168.12.87Įach of those three solutions have drawbacks, so you need to carefully consider, if you really need to do this particular forwarding. Then handle the return packets on the second host by doing a SNAT on the return traffic. Use the naive (but not working) solution on the first host.
HOW TO SETUP PORT FORWARDING IN DDWRT AND PLANEPLOTTER MAC
By replacing the destination MAC of the packets with the MAC of 192.168.12.77 and sending it on the Ethernet without touching the IP layer, then 192.168.12.77 could have 192.168.12.87 configured on a dummy interface and thus be able to terminate the TCP connection with the server IP known to the client. Take inspiration from DSR load balancing and DNAT the packets at Ethernet layer instead of at IP layer.The rule could look something like iptables -t NAT -A POSTROUTING -d 192.168.12.77 -p tcp -dport 80 -j SNAT -to-source 192.168.12.87
You can set up rules that will cause the packets send to 192.168.12.87 to simply be NATted to 192.168.12.77, but 192.168.12.77 will then send replies directly back to the client. The reason a seemingly obvious iptables -t nat -A PREROUTING -d 192.168.12.87 -p tcp -dport 80 -j DNAT -to-destination 192.168.12.77 will not work is how the return packets will be routed.
0 kommentar(er)
