- 01-10-2007 #1 (Just Joined! | Join Date: Jan 2007 | Posts: 2)
How to make iptables(NAT) not to send RST back
Hi,
I have some questions about using iptables to make a NAT.
Now my policy is
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
where eth0 is my internal network and eth1 is the external network.
With this, once my NAT gets an unsolicited TCP SYN, it replies with a TCP RST.
Is it possible to make it just drop this SYN without sending the RST back?
Thanks in advance
- 01-10-2007 #2
Hey, if you don't want to accept any new TCP packets (SYN packets) on your external interface, you can deliberately DROP the packet silently, so that no RST packet is sent...
- 01-10-2007 #3 (Just Joined! | Join Date: Jan 2007 | Posts: 2)
Thank you very much,
Actually, I am now testing NAT traversal, and lots of the techniques that are used to punch a hole in the NAT cannot accept an RST back, because the hole is going to be closed if an RST comes.
Thanks again, I will try to do it as you suggested.
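
The silent drop suggested in reply #2, written out as an added example (not code posted by anyone in the thread): the function prints the thread's three rules plus two INPUT rules that drop unsolicited SYNs on the external interface while still accepting replies to the gateway's own connections. It assumes the SYNs are addressed to the gateway's own external address (MASQUERADE only, no DNAT), so they are delivered locally through INPUT, where a closed port is otherwise answered with an RST; `nat_rules`, `order_ok` and `APPLY_RULES` are names made up for this example.

```shell
#!/bin/sh
# Added example. Interface names as in the thread:
# eth0 = internal network, eth1 = external network.

# Print the iptables commands for a masquerading gateway that stays silent
# towards unsolicited inbound TCP SYNs. Usage: nat_rules LAN_IF WAN_IF
nat_rules() {
    lan=$1; wan=$2
    cat <<EOF
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A INPUT -i $wan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $wan -p tcp --syn -m state --state NEW -j DROP
EOF
}

# Return 0 if, in the rules read from stdin, the SYN drop on WAN_IF comes after
# the ESTABLISHED accept, so replies to the gateway's own connections survive.
order_ok() {
    awk -v wan="$1" '
        $0 ~ "INPUT -i " wan " " && /ESTABLISHED/ && /-j ACCEPT/ { acc = NR }
        $0 ~ "INPUT -i " wan " " && /--syn/ && /-j DROP/        { drop = NR }
        END { exit !(acc && drop && acc < drop) }'
}

# Dry run by default: only print the commands.
# APPLY_RULES=1 executes them instead (needs root).
if [ "${APPLY_RULES:-0}" = 1 ]; then
    nat_rules eth0 eth1 | sh -e
else
    nat_rules eth0 eth1
fi
```

After applying, `iptables -L INPUT -v -n` shows the packet counter of the DROP rule rising for each unsolicited SYN that arrives on eth1.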

