How to make iptables(NAT) not to send RST back

Printable View

01-10-2007
attojung

How to make iptables(NAT) not to send RST back

Hi,

I have some questions about using iptables to make a NAT.
Now my policy is

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISH -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

Where eth0 is my internal network and eth1 is external network.

And with this, once my NAT has got unsolicited TCP-SYN, it will reply back with TCP-RST.
Is it possible to make it just drop this SYN without response the RST back ?

Thx in advance
01-10-2007
cyberinstru

Hey, if you dnt wanna accept any new TCP packets (SYN packets) on your external interface, you can delibrately DROP the packet silently. So that no RST packet is sent...

:)
01-10-2007
attojung

Thank you very much,

Actually, I am now testing about NAT Traversal. And lots of techniques that use to punch NAT's hole is not allow to accept RST back because the hole is going to be closed if RST come.

Thx again, I will try to make it as your suggestion.
:cool: :cool: :cool: :cool:

All times are GMT. The time now is 05:32 AM.

Powered by vBulletin® Version 4.2.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.1