Hi,
So far, if have understand correctly: I route the incoming tcpip message of port 8099 directly to 8080 and then the ingress filter on port 8099 has nothing to do!?
Yes I think on different interface on one machine (different Ports for different Request, with different restriction).
What has exactly to be done to set the policier before Prerouting! Which kernel options, or also extra modules!?
On recent kernels if you select packet action in Qos and/or fair queuing of config the policer will be before PREROUTING.
Or how it can be done on iptable level??
You could have your DNAT rule only for packets from the interface you want eg .... -i eth1 DNAT ...... would only do packets inbound from eth1.
Andy. _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
