I'm confused while trying to understand the DNAT mechanism under the circumstances below.
My understanding:
DNAT -> Destination Network Address Translation - functionality which translates the destination address of incoming packets to destination x.
I am facing difficulty in understanding the DNAT reply path.
For example:
I have a machine (A) with an IP of x1 and want all connections/packets coming to this machine (destination y1) to get rerouted to another machine (B) with an IP address of z1.
So I added a new NAT rule as below:
iptables -t nat -A PREROUTING -s x1 -d y1 -j DNAT --to-destination z1
Test on machine A: ping -I x1 y1
If I run "tcpdump -i eth6 icmp" on machine A, I get a reply from IP "y1" instead of z1?? Or is the un-NAT performed based on the subnet mask?
And when I monitored "tcpdump -i eth6 host z1", there wasn't any incoming ping or packet.
Could someone clarify this scenario and my understanding?
And also, is there any way we can capture this with tcpdump if the packet is locally translated?
Thanks in Advance.
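The two mechanics the question turns on, as an added worked model that is not part of the original post: netfilter consults the nat table only for the first packet of a flow, conntrack stores the mapping and reverses it on the reply, and a locally generated packet traverses the nat OUTPUT chain rather than PREROUTING. The script below is a constructed simulation of that logic (no real iptables is touched); x1, y1 and z1 are the placeholder addresses from the question, and c1 is an assumed remote client added for the first scenario.

```python
"""Toy model of netfilter DNAT plus connection tracking.

Constructed example, not code from the post: x1/y1/z1 are the question's
placeholders, c1 is an assumed remote client. It models only DNAT.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ident: int  # ICMP echo id or L4 port: what conntrack keys the flow on


@dataclass
class Flow:
    """One conntrack entry: original tuple plus the NATed destination."""
    orig_src: str
    orig_dst: str
    nat_dst: str
    ident: int


class NatBox:
    """A host with an iptables nat table and a conntrack table."""

    def __init__(self, local_ips):
        self.local_ips = set(local_ips)
        self.rules = []   # (chain, match_src, match_dst, to_destination)
        self.flows = []   # conntrack entries

    def add_dnat(self, chain, src, dst, to_dst):
        # Models: iptables -t nat -A <chain> -s src -d dst -j DNAT --to-destination to_dst
        self.rules.append((chain, src, dst, to_dst))

    def _nat(self, chain, pkt):
        # Existing flow: conntrack applies the stored mapping in both
        # directions; the nat rules are only consulted for a flow's first packet.
        for f in self.flows:
            if (pkt.src, pkt.dst, pkt.ident) == (f.orig_src, f.orig_dst, f.ident):
                return replace(pkt, dst=f.nat_dst)
            if (pkt.src, pkt.dst, pkt.ident) == (f.nat_dst, f.orig_src, f.ident):
                # Reply direction: un-NAT, the source becomes the original destination
                return replace(pkt, src=f.orig_dst)
        for c, s, d, to in self.rules:
            if c == chain and pkt.src == s and pkt.dst == d:
                self.flows.append(Flow(pkt.src, pkt.dst, to, pkt.ident))
                return replace(pkt, dst=to)
        return pkt

    def receive(self, pkt):
        """Packet arriving on an interface.

        Returns (what tcpdump on that interface shows, chain the packet ends in,
        packet after nat). tcpdump taps ingress before netfilter runs, so it
        always shows the pre-DNAT destination.
        """
        after = self._nat("PREROUTING", pkt)
        chain = "INPUT" if after.dst in self.local_ips else "FORWARD"
        return pkt, chain, after

    def send(self, pkt):
        """Locally generated packet: goes through nat OUTPUT, never PREROUTING."""
        return self._nat("OUTPUT", pkt)


def remote_client_scenario():
    """c1 pings y1 on box A; A DNATs it to z1 and un-NATs B's reply."""
    a = NatBox(local_ips={"x1", "y1"})
    a.add_dnat("PREROUTING", "c1", "y1", "z1")
    seen, chain, fwd = a.receive(Packet("c1", "y1", 7))
    # B (z1) answers the forwarded echo request; the reply transits A again
    _, _, back = a.receive(Packet("z1", "c1", 7))
    return seen.dst, chain, fwd.dst, back.src


def local_ping_scenario():
    """ping run on A itself: a PREROUTING rule never sees it, an OUTPUT rule does."""
    a = NatBox(local_ips={"x1", "y1"})
    a.add_dnat("PREROUTING", "x1", "y1", "z1")
    untouched = a.send(Packet("x1", "y1", 9)).dst
    a.add_dnat("OUTPUT", "x1", "y1", "z1")
    rewritten = a.send(Packet("x1", "y1", 9)).dst
    return untouched, rewritten


if __name__ == "__main__":
    print(remote_client_scenario())  # ('y1', 'FORWARD', 'z1', 'y1')
    print(local_ping_scenario())     # ('y1', 'z1')
```

In the first scenario the client's capture shows the reply coming from y1 because conntrack rewrote the source on the way back, which is the expected un-NAT, not a subnet-mask effect. In the second, a packet generated on the NAT box itself only matches a rule placed in the nat OUTPUT chain; on a real host, `conntrack -L` (from conntrack-tools) lists the stored original and reply tuples for each translated flow.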