Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] Another NAT Question
  • From: Erik Hensema <erik@xxxxxxxxxxx>
  • Date: Wed, 10 Dec 2003 14:29:44 +0100
  • Message-id: <20031210132944.GA3093@xxxxxxxxxxxxxxxxxxxxxxx>
On Wed, Dec 10, 2003 at 01:35:18PM +0100, BLeonhardt@xxxxxxxxxxx wrote:
>
>
>
>
> HI all,
>
> I'm not sure about the PREROUTING chain ..
>
> if I say :
>
> iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --dport 80 -j DNAT --to-destination 172.16.15.12:8080
>
> is the real source address present or the source address from the router ?

iptables always checks for the real source address of the packet, not some
address of a router which may be in between the source and the firewall.

--
Erik Hensema (erik@xxxxxxxxxxx)

< Previous Next >
This Thread
References