[ Thanks to Edmundo
for this link. ]
“Very recently I was asking this question (which is
still open) at www.linuxquestions.org (the first place I hit when I
have a question regarding linux or gnu, by the way) and took a
brief look at the questions open on the networking forum and I hit
this beauty.

“It’s a guy who has set up DNAT on netfilter to forward packets
that are sent to one host to another server that does the real
work. Think of it as a proxy. In his example, he wanted to forward
packets that arrive at his host on port 3306 to port 3197 on
another host (let’s use IP a.a.a.a). So, he set up a simple rule on
(nat) PREROUTING:

$ iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to a.a.a.a:3197

“What this rule is doing is telling the kernel to change the
destination IP address of any packet that arrives at his host
through any network interface to IP address a.a.a.a (reachable from
his server, maybe not from the host that originated said packages)
and the destination port to 3197”
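
The quoted rule has no inbound-interface match, which is why it applies to packets arriving "through any network interface". The following audit is an added example, not part of the original post: it reads `iptables-save` text and flags DNAT rules that lack `-i`. The sample ruleset is constructed, and `eth0`, `b.b.b.b`, the port 8080 rule and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list DNAT rules found in iptables-save output and flag the
# ones with no inbound-interface match, i.e. rules that rewrite packets
# arriving on any interface, like the rule quoted above.

# Constructed sample in iptables-save format (eth0 and b.b.b.b are placeholders).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination a.a.a.a:3197
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination b.b.b.b:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# audit_dnat: read iptables-save text on stdin and print one line per DNAT rule:
#   <ANY-IFACE|iface=NAME> <chain> dport=<port> -> <new destination>
audit_dnat() {
    awk '
    $1 == "-A" {
        iface = ""; dport = "-"; target = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if (($i == "-i" || $i == "--in-interface") && i < NF)
                # keep a leading "!" so a negated match is not mistaken for a restriction
                iface = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            else if ($i == "--dport" && i < NF) dport = $(i + 1)
            else if ($i == "-j" && i < NF && $(i + 1) == "DNAT") dnat = 1
            else if (($i == "--to-destination" || $i == "--to") && i < NF) target = $(i + 1)
        }
        if (dnat)
            printf "%s %s dport=%s -> %s\n", (iface == "" ? "ANY-IFACE" : "iface=" iface), $2, dport, target
    }'
}

sample_rules | audit_dnat
```

On a live host the same function can be fed with `iptables-save -t nat | audit_dnat`.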