On Thu, Sep 14, 2006 at 11:58:02AM -0400, Janina Sajka wrote:
>
> No, we flushed the ruleset in order to make certain we're isolating the
> problem. Furthermore, iptables output suggests it's working, but it
> doesn't actually work udp, though tcp works just as it should.

If this is indeed a complete set of rules then maybe you found a bug. I do not know.

> iptables -t nat -I PREROUTING -p udp -d 66.92.XXX.XXX/32 --dport 5060 -j DNAT --to-destination 172.23.203.213
> iptables -t nat -A PREROUTING -p tcp -d 66.92.XXX.XXX/32 --dport 5060 -j DNAT --to 172.23.203.213

If you fold the two rules above into one by dropping the protocol specifications, does this change anything? According to the docs, the DNAT option should be "--to-destination" in the second case too.

> iptables -t nat -I POSTROUTING -s 172.23.203.213/32 -d 0.0.0.0/0 -j SNAT --to-source 66.92.XXX.XXX

Two comments though. Personally, when checking bigger rule sets I find the output of 'iptables-save', which writes to stdout, easier to read than 'iptables -L'. Also, there is a LOG target which can help to track packets as they traverse your iptables.

Michal
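The two suggestions at the end of the message, as an added example that is not part of the original thread: a filter over 'iptables-save' output that lists which protocols have a DNAT rule for a port, and LOG rules for tracing. The function names are hypothetical, the dump is constructed, and 203.0.113.10 stands in for the address masked in the thread.

```shell
# Constructed sample of `iptables-save -t nat` output for the rules in the
# thread (203.0.113.10 replaces the masked public address).
sample_nat_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p udp -m udp --dport 5060 -j DNAT --to-destination 172.23.203.213
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 5060 -j DNAT --to-destination 172.23.203.213
-A POSTROUTING -s 172.23.203.213/32 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# dnat_rules PORT: read iptables-save output on stdin and print
# "proto -> target" for every PREROUTING DNAT rule on that port.
dnat_rules() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; dport = ""; jump = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
                if ($i == "--to-destination") to = $(i + 1)
            }
            if (jump == "DNAT" && dport == port) print proto " -> " to
        }'
}

# add_trace_rules PORT: insert LOG rules (needs root) ahead of the existing
# rules so each stage writes a kernel log line with its own prefix.
add_trace_rules() {
    for proto in udp tcp; do
        iptables -t nat -I PREROUTING -p "$proto" --dport "$1" \
            -j LOG --log-prefix "pre-$proto-$1: "
        iptables -I FORWARD -p "$proto" --dport "$1" \
            -j LOG --log-prefix "fwd-$proto-$1: "
    done
}
```

On a live system, run `iptables-save -t nat | dnat_rules 5060`. The nat table is consulted only for the first packet of a tracked connection, so the "pre-" line appears once per flow while the "fwd-" line appears for every forwarded packet.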