Re: Entirely ignoring TCP and UDP checksum in kernel level

From: Brad Campbell
Date: Sun Aug 22 2004 - 08:13:56 EST


Josan Kadett wrote:
I am still persistent on the fact that NAT should work with this sense.

I just enable NAT with the following command

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.5

This IP 192.168.1.5 is our patched linux server which is allowed to access
192.168.1.77


Ok.. Idea time..
Can you add another linux box in there. Something like

Client (192.168.0.30) ---> Box1Eth0(192.168.0.1) SNAT Box1Eth1(192.168.1.99) ---> Box2Eth0(192.168.1.100) () Box2Eth1(192.168.77.99) ---> HorridBuggyBox(192.168.77.1)

With Box 1 doing the NAT and Box 2 having the patch and just doing normal routing.

Have a route in Box 1 set to send 192.168.77.0/24 to the gateway at 192.168.1.100 which will know to send anything destined for 192.168.77.1 out eth1.

If I try it, it's going to work fine as I don't have a box that munges IPs like yours does so I can't provide a full test. (I guess I could butcher another UML to do it if I really had to)

Doing this stuff is so much easier when you have the faulty device in front of you. You're not in the UAE by any chance ;p)

Regards,
Brad