What tool shows /proc/net/nf_conntrack

Andre Speelmans fedora-list at cosiso.nl
Sun Aug 28 05:00:26 UTC 2011


> Sam Varshavchik <mrsam at courier-mta.com> wrote:
>> I forwarded a port, using system-config-firewall.
>>
>> The destination machine, not surprisingly, shows the IP address of
>> the firewall as the source of the connection. The goal is obtaining
>> the connection's real source IP. However, on the firewall the
>> forwarded connection isn't reported anywhere by netstat or ss.

On Sun, Aug 28, 2011 at 1:50 AM, Kevin Fenzi <kevin at scrye.com> wrote:
> This is a DNAT forward? It should show the IP of whatever machine is
> sending the request, not the firewall box in the middle.

As the forwarded port most likely also does SNAT, so the receiving
machine can send its packets back, the receiver has no clue about the
original sender and will show the IP of the firewall.

-- 
Regards,

André
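
Added example, not part of the original message: with DNAT plus SNAT, each line of /proc/net/nf_conntrack on the firewall carries both the original tuple (real client) and the reply tuple (what the destination machine sees), so the peer address seen on the destination can be mapped back to the real source. The sample table is constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the /proc/net/nf_conntrack line format (documentation addresses).
SAMPLE = """\
ipv4     2 tcp      6 431987 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=51234 dport=8080 src=10.0.0.5 dst=10.0.0.1 sport=80 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=203.0.113.99 dst=198.51.100.1 sport=40000 dport=8080 src=10.0.0.5 dst=10.0.0.1 sport=80 dport=1024 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=10.0.0.5 dst=192.0.2.53 sport=33333 dport=53 [UNREPLIED] src=192.0.2.53 dst=198.51.100.1 sport=53 dport=33333 mark=0 zone=0 use=2
ipv4     2 icmp     1 29 src=10.0.0.5 dst=192.0.2.1 type=8 code=0 id=7 src=192.0.2.1 dst=198.51.100.1 type=0 code=0 id=7 mark=0 zone=0 use=2
"""

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_line(line):
    """Return (proto, original_tuple, reply_tuple), or None for entries without ports."""
    fields = line.split()
    if len(fields) < 3:
        return None
    orig, reply = {}, {}
    for key, value in PAIR.findall(line):
        # Each key appears twice: first for the original direction, then for the reply.
        (orig if key not in orig else reply)[key] = value
    if len(orig) != 4 or len(reply) != 4:
        return None  # e.g. ICMP, which has type/code/id instead of ports
    return fields[2], orig, reply

def original_source(table, proto, server_ip, server_port, peer_ip, peer_port):
    """Map the peer address the destination machine sees back to the real client."""
    # The reply tuple is the destination machine's view: it answers from
    # server_ip:server_port to the firewall's SNAT address and port.
    want = {"src": server_ip, "sport": str(server_port),
            "dst": peer_ip, "dport": str(peer_port)}
    for line in table.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] == proto and parsed[2] == want:
            return parsed[1]["src"], int(parsed[1]["sport"])
    return None

if __name__ == "__main__":
    # Destination 10.0.0.5:80 logged a connection from the firewall, 10.0.0.1:51234.
    print(original_source(SAMPLE, "tcp", "10.0.0.5", 80, "10.0.0.1", 51234))
```

On the firewall itself, pass the contents of /proc/net/nf_conntrack (readable by root) as `table` instead of the sample.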

