Michal Jaegermann writes: > On Wed, Sep 13, 2006 at 05:26:10PM -0400, Janina Sajka wrote: > > For some reason the DNAT target isn't working in the following situation. > > > > iptables -t nat -A PRErOUTING -i eth0 -p udp --dport 5060 -j DNAT --to 172.16.32.48 > > > > however > > > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT 172.16.32.48 > > works just fine. > > > > Any clue? > > My first guess would be that earlier you have a rule which does > DROP or REJECT on packets to port 5060. I assume that "PRErOUTING" > is a copying mistake. Right? > No, we flushed the ruleset in order to make certain we're isolating the problem. Furthermore, iptables output suggests it's working, but it doesn't actually work udp, though tcp works just as it should. Here's additional output: iptables -t nat -I PREROUTING -p udp -d 66.92.XXX.XXX/32 --dport 5060 -j DNAT --to-destination 172.23.203.213 iptables -t nat -A PREROUTING -p tcp -d 66.92.XXX.XXX/32 --dport 5060 -j DNAT --to 172.23.203.213 iptables -t nat -I POSTROUTING -s 172.23.203.213/32 -d 0.0.0.0/0 -j SNAT --to-source 66.92.XXX.XXX iptables -t filter -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT udp -- anywhere sonata.rednote.net udp dpt:sip to:172.23.203.213 DNAT tcp -- anywhere sonata.rednote.net tcp dpt:sip to:172.23.203.213 Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 172.23.203.213 anywhere to:66.92.XXX.XXX Chain OUTPUT (policy ACCEPT) target prot opt source destination And yet it doesn't actually nat the connection to 172.23.203.213:5060. Like I said before I can get port 80 with tcp just fine. Janina and Frank > Michal > > -- > fedora-test-list mailing list > fedora-test-list@xxxxxxxxxx > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-test-list -- Janina Sajka Phone: +1.202.595.7777 Partner, Capital Accessibility LLC http://CapitalAccessibility.Com Marketing the Owasys 22C talking screenless cell phone in the U.S. and Canada--Go to http://ScreenlessPhone.Com to learn more. Chair, Accessibility Workgroup Free Standards Group (FSG) janina@xxxxxxxxxxxxxxxxx http://a11y.org -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list