[wplug] IP forwarding with iptables--ARGH!
Tim Lesher
tim at lesher.ws
Wed Feb 11 17:25:29 EST 2004
On Wed, Feb 11, 2004 at 05:02:31PM -0500, Lance Tost wrote:
> Try REDIRECT rather than DNAT:

Tried that, same problem.

Then I got an odd thought... I'm testing this on the box that's doing
the redirect...

And lo and behold, if I send from a _different_ box, _to_ the box
doing the redirect, it works.

It appears that you *just* *can't* port-forward a packet sent from a
local connection, because the kernel doesn't look at the nat table for
locally-generated packets, and you can't mangle the packet from the
filter table.

Argh. Time to drink.

--
Tim Lesher <tim at lesher.ws>
http://www.lesher.ws
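
Added example, not part of the original post: a simplified Python model of which nat-table chains a new connection crosses, showing why a PREROUTING REDIRECT rule fires for traffic from a different box but not for traffic generated on the redirecting box. The path names, function names and ports are constructed for illustration, and the model assumes a kernel whose nat table has an OUTPUT chain.

```python
# Simplified model (constructed; not kernel code): the nat-table chains
# consulted, in order, for the first packet of a new connection.
NAT_PATHS = {
    "remote_in": ["PREROUTING", "INPUT"],        # from another box, to this box
    "forwarded": ["PREROUTING", "POSTROUTING"],  # routed through this box
    "local_out": ["OUTPUT", "POSTROUTING"],      # generated on this box
}
# iptables accepts the REDIRECT target only in the nat table, in these chains.
REDIRECT_CHAINS = {"PREROUTING", "OUTPUT"}


def add_redirect(rules, table, chain, dport, to_port):
    """Append a REDIRECT rule, rejecting placements iptables would refuse."""
    if table != "nat" or chain not in REDIRECT_CHAINS:
        raise ValueError(f"REDIRECT is not valid in {table}/{chain}")
    rules.append({"chain": chain, "dport": dport, "to_port": to_port})


def traverse(path, dport, rules):
    """Return (final_dport, chains_crossed) for one new connection."""
    crossed = []
    for chain in NAT_PATHS[path]:
        crossed.append(chain)
        for rule in rules:
            if rule["chain"] == chain and rule["dport"] == dport:
                dport = rule["to_port"]
                break  # first matching rule in the chain wins
    return dport, crossed


if __name__ == "__main__":
    rules = []
    add_redirect(rules, "nat", "PREROUTING", 80, 8080)
    print("from another box:", traverse("remote_in", 80, rules))
    print("from this box:   ", traverse("local_out", 80, rules))
    # The locally generated packet never crosses PREROUTING, so the rule
    # has to sit in a chain that packet does cross.
    add_redirect(rules, "nat", "OUTPUT", 80, 8080)
    print("with OUTPUT rule:", traverse("local_out", 80, rules))
    try:
        add_redirect(rules, "filter", "OUTPUT", 80, 8080)
    except ValueError as err:
        print("rejected:", err)
```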