On Thu, 05-08-2004 at 21:23 -0700, Phil Oester wrote:
> On Thu, Aug 05, 2004 at 11:29:14PM -0300, Damian Gatabria wrote:
> > So, while this iptables rule does work for port forwarding
> > to another host:
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 -m multiport \
> > --dports mysql -j DNAT --to some.other.host
> >
> > changing "some.other.host" to 127.0.0.1 doesn't work
> > as expected, and packets seem to be dropped altogether.
> > Using tcpdump I can see packets reaching eth0, but
> > never reaching loopback.
>
> Did you add a rule in your INPUT chain to allow this traffic?
>
> Phil

Hi. Yes, I did try adding one, but it seems to make no difference.
tcpdump reports no packets as being dropped by the kernel. They just
seem to go nowhere. Adding a LOG rule just before the PREROUTING one
shows the SYN is being received, also.

BTW, this machine is running kernel 2.6.7, and I'm also using a second
"testing" machine, running 2.6.5.

Does anyone know if this kind of setup is supposed to be supported at
all?

regds.
--
Damian Gatabria <damian_g@speedy.com.ar>