Hi,
The private addresses (192.168.254.0/255.255.255.0) of my network are assigned
dynamically by DHCP on my network. The DHCP server is on the firewall, whose
address is 192.168.254.1/255.255.255.255 (this address is static).
I've got an rsync server on this network which is on a separate server. Its
address is 192.168.254.200/255.255.255.255 (this address is static).
I want the users of the private network to be able to make an rsync request to
the firewall, and the firewall to forward the request to the rsync server
transparently.
For the moment, I can do it with shorewall but only by specifying the client
address. I'm using masquerading and a DNAT rule; in the example the client
address is 192.168.254.107/255.255.255.255:
>masq file
eth0 192.168.254.107/32 192.168.254.254
eth0 192.168.254.200/32 192.168.254.254
>rules file
DNAT loc:192.168.254.107 loc:192.168.254.100 udp 873 -
DNAT loc:192.168.254.100 loc:192.168.254.107 udp 873 -
DNAT loc:192.168.254.107 loc:192.168.254.100 tcp 873 -
DNAT loc:192.168.254.100 loc:192.168.254.107 tcp 873 -
So I would prefer to redirect all rsync traffic from the network. Another
important thing is that all my hardware is on the same subnet (gateway,
server, workstations).
I've tried to use SNAT and DNAT iptables rules to do that, but without any
success:
iptables -t nat -A POSTROUTING -d 192.168.254.1 -o eth0 -p tcp --dport 873 -j SNAT --to-source 192.168.254.1
iptables -t nat -A POSTROUTING -d 192.168.254.1 -o eth0 -p udp --dport 873 -j SNAT --to-source 192.168.254.1
iptables -t nat -A PREROUTING -d 192.168.254.1 -p tcp --dport 873 -j DNAT --to-destination 192.168.254.200
iptables -t nat -A PREROUTING -d 192.168.254.1 -p udp --dport 873 -j DNAT --to-destination 192.168.254.200
How can I do this? Do I have to mark the packets?
Thanks in advance for any help, link, ...
--
Aurélien MALO - amalo@cerdd.org
Office tel.: 03 21 08 52 42 - Mobile tel.: 06 21 54 23 80
CEntre Ressource du Développement Durable
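
Added example, not part of the original post: a small Python model of the nat PREROUTING and POSTROUTING hooks, run over the iptables rules quoted above. It shows that POSTROUTING sees the destination already rewritten by DNAT, so an SNAT rule matching -d 192.168.254.1 never fires and the server's reply bypasses the firewall. The packet model, the function names and the corrected SNAT match are assumptions for illustration.

```python
import ipaddress

# Constructed model of the two nat hooks a forwarded packet crosses.
# Addresses are the ones quoted in the post; everything else is assumed.
FIREWALL, SERVER, CLIENT = "192.168.254.1", "192.168.254.200", "192.168.254.107"
LAN = "192.168.254.0/24"

def matches(rule, pkt):
    """True when every match field present in the rule agrees with the packet."""
    for field in ("src", "dst"):
        if field in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[field]):
            return False
    return rule.get("proto", pkt["proto"]) == pkt["proto"] and rule.get("dport", pkt["dport"]) == pkt["dport"]

def traverse(pkt, prerouting, postrouting):
    """Apply the first matching DNAT in PREROUTING, then the first matching SNAT in POSTROUTING."""
    pkt = dict(pkt)
    for rule in prerouting:
        if matches(rule, pkt):
            pkt["dst"] = rule["to_destination"]
            break
    for rule in postrouting:  # POSTROUTING sees the already rewritten dst
        if matches(rule, pkt):
            pkt["src"] = rule["to_source"]
            break
    return pkt

def client_accepts_reply(request, seen_by_server):
    """The server answers whoever it saw as source. If that is the client itself,
    the reply stays on the LAN, is never un-NATed, and arrives from SERVER rather
    than from the address the client connected to, so the client rejects it."""
    if seen_by_server["src"] == request["src"]:
        reply_src = seen_by_server["dst"]  # direct reply, bypasses the firewall
    else:
        reply_src = request["dst"]         # via firewall, conntrack restores it
    return reply_src == request["dst"]

REQUEST = {"src": CLIENT, "dst": FIREWALL, "proto": "tcp", "dport": 873}
DNAT = [{"dst": FIREWALL, "proto": "tcp", "dport": 873, "to_destination": SERVER}]
# As posted: matches on the pre-DNAT destination, so it never fires.
SNAT_POSTED = [{"dst": FIREWALL, "proto": "tcp", "dport": 873, "to_source": FIREWALL}]
# Assumed correction: match the LAN as source and the post-DNAT destination.
SNAT_FIXED = [{"src": LAN, "dst": SERVER, "proto": "tcp", "dport": 873, "to_source": FIREWALL}]

def run(snat_rules):
    """Return the packet as the rsync server sees it and whether the client accepts the reply."""
    seen = traverse(REQUEST, DNAT, snat_rules)
    return seen, client_accepts_reply(REQUEST, seen)
```

In iptables terms, the assumed correction modelled by SNAT_FIXED is `iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -d 192.168.254.200 -o eth0 -p tcp --dport 873 -j SNAT --to-source 192.168.254.1`, with the PREROUTING DNAT rule left as posted.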