[wplug] IP forwarding with iptables--ARGH!

Tim Lesher tim at lesher.ws
Wed Feb 11 18:08:50 EST 2004


On Wed, Feb 11, 2004 at 06:03:32PM -0500, Eric C. Cooper wrote:
> On Wed, Feb 11, 2004 at 05:25:29PM -0500, Tim Lesher wrote:
> > It appears that you *just* *can't* port-forward a packet sent from a
> > local connection, because the kernel doesn't look at the nat table for
> > locally-generated packets, and you can't mangle the packet from the
> > filter table.  
> 
> It might work if you enable this kernel option:
> 
> config IP_NF_NAT_LOCAL

Yep, that looks like it would do the trick. Fortunately, it doesn't
look as if it's going to affect me much in production, so I won't have
to go that route--just have to remember to run unit tests from a
separate machine.

-- 
Tim Lesher <tim at lesher.ws>
http://www.lesher.ws



