Find the answer to your Linux question:
Results 1 to 3 of 3
Hi, I have some questions about using iptables to make a NAT. Now my policy is iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -A FORWARD -i eth1 ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2007
    Posts
    2

    How to make iptables(NAT) not to send RST back


    Hi,

    I have some questions about using iptables to make a NAT.
    Now my policy is

    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISH -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

    Where eth0 is my internal network and eth1 is external network.

    And with this, once my NAT has got unsolicited TCP-SYN, it will reply back with TCP-RST.
    Is it possible to make it just drop this SYN without response the RST back ?

    Thx in advance

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    Hey, if you dnt wanna accept any new TCP packets (SYN packets) on your external interface, you can delibrately DROP the packet silently. So that no RST packet is sent...



  3. #3
    Just Joined!
    Join Date
    Jan 2007
    Posts
    2
    Thank you very much,

    Actually, I am now testing about NAT Traversal. And lots of techniques that use to punch NAT's hole is not allow to accept RST back because the hole is going to be closed if RST come.

    Thx again, I will try to make it as your suggestion.

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •