Please help...iptables

**bhupeshchawda** · 03-03-2007

Hi all,
This is the actual setup:

[CLIENT] -- [INTERNET] -- [ROUTER MACHINE] -- [DB SERVER]

The ROUTER MACHINE and the DB SERVER are on the same LAN.
I want that any packet sent from the CLIENT to the DB SERVER should be received at the ROUTER MACHINE and SHOULD NOT GO TO THE DB SERVER DIRECTLY. I need to make changes to the packet at the ROUTER.
Is this possible using iptables using DNAT or REDIRECT I suppose?? if so , how??
Please please help me...
Thanks a lot in advance...

**cyberinstru** · 03-03-2007

What changes do u you want to make?

Do u want to redirect it to a different port no?

Do u want to change source port/dst port/dst IP?

Do u want set up any marks by mangling the packet?

Can u give us some more details?

**bhupeshchawda** · 03-03-2007

Originally Posted by cyberinstru

What changes do u you want to make?

Do u want to redirect it to a different port no?

Do u want to change source port/dst port/dst IP?

Do u want set up any marks by mangling the packet?

Can u give us some more details?

Hi
I want to decrypt the packet as the client will encrypt the packet ...
when I get the packet on the ROUTER MACHINE I can do the decryption and other tasks and then inject the packet towards the DB SERVER.

Thanks for ur reply...

**cyberinstru** · 03-03-2007

Well.. here Firewall has got nothing to do.

Generally most of the DB inmplementations provide support for encrypting DB traffic. In case, if u want to use ur own DB crypt, then you need to have a proxy DB on the router, do encryption/decryption there and direct it to DB server/client.

But it is recommended to use DB's in-built crypts.

Thread Tools

Display

Please help...iptables

Posting Permissions