Replace sender ip with iptables
Hi list,

One of my routers sends requests to a (snort) database server somewhere in the VPN. I want to replace the sender IP of these requests using iptables in order to change the external NIC IP (that is not routable VPN-wide) to the internal NIC IP.

Example:

    src 10.10.1.1:2034 --> dst 192.168.3.1:5432

should become

    src 192.168.1.1:2034 --> dst 192.168.3.1:5432

I think I need a statement for the PREROUTING chains. But how exactly? Or can I force snort to bind the internal interface for such requests?

Thanks in advance,
Michael
GentooRulez wrote: [replace src ip question]

> Think I need a statement for the PREROUTING chains. But how to exactly?

No, it's postrouting:

    iptables -t nat -I POSTROUTING -s 10.10.1.1 -p tcp --dport 5432 -j SNAT --to-source 192.168.1.1

(Maybe you'll add more matches to match just your VPN connection.)

Regards
Participants (2): GentooRulez, Sven 'Darkman' Michels
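An added example, not part of either message above: the SNAT rule from the reply narrowed with the extra matches it hints at (destination host and outgoing interface) and inserted only if it is not already present. Packets generated on the router itself never pass through PREROUTING, which is why the rule belongs in POSTROUTING. The interface name `tun0`, the variable names and the `APPLY` switch are assumptions; the addresses and port are the ones from the thread.

```shell
#!/bin/sh
# Added example: addresses and port come from the thread; VPN_IF is an assumed name.
OLD_SRC=10.10.1.1        # external NIC address (not routable VPN-wide)
NEW_SRC=192.168.1.1      # internal NIC address
DB_HOST=192.168.3.1      # database server
DB_PORT=5432
VPN_IF=${VPN_IF:-tun0}   # assumption: interface the VPN traffic leaves through

# Print the chain, matches and target shared by the check and insert calls.
# Matching on -o and -d keeps the rewrite away from unrelated port-5432 traffic.
snat_rule_args() {
    echo "POSTROUTING -o $VPN_IF -s $OLD_SRC -d $DB_HOST -p tcp --dport $DB_PORT -j SNAT --to-source $NEW_SRC"
}

# Insert the rule only when an identical one is not already in the chain.
apply_snat() {
    # Word splitting of the argument string is intended here.
    if iptables -t nat -C $(snat_rule_args) 2>/dev/null; then
        echo "rule already present"
    else
        iptables -t nat -I $(snat_rule_args)
    fi
    # Packet counters show whether the database connections hit the rule.
    iptables -t nat -L POSTROUTING -n -v --line-numbers
}

# Touch the firewall only when asked explicitly: APPLY=1 sh snat.sh (as root).
# Otherwise print the command that would be run.
if [ "${APPLY:-0}" = 1 ]; then
    apply_snat
else
    echo "iptables -t nat -I $(snat_rule_args)"
fi
```

A rule inserted this way does not survive a reboot unless it is saved by the distribution's iptables persistence mechanism.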