RE: "iptables: Invalid argument" with kernel 2.4.20

> by reading the iptables tutorial (version 1.1.11) i've constructed
> a configuration that forwards a port on MYMACHINE to OTHERMACHINE:

I see we are now at 1.1.15 :o)

> # Generated by iptables-save v1.2.6a on Tue Nov 12 17:41:18 2002
> *nat
> :PREROUTING ACCEPT [221:38784]
> :POSTROUTING ACCEPT [78:7025]
> :OUTPUT ACCEPT [72:6769]
>
> -A PREROUTING -d MYMACHINE -p udp -m udp --dport 27960 -j DNAT \
>                            --to-destination OTHERMACHINE:30000
>
> -A POSTROUTING -d OTHERMACHINE -p udp -m udp --dport 30000 -j SNAT \
>                            --to-source MYMACHINE
>
> -A OUTPUT -d MYMACHINE -p udp -m udp --dport 27960 -j DNAT \
>                            --to-destination OTHERMACHINE:30000
>

If you are matching "-p udp --dport 27960", then why do you use "-m udp"?
It seems to me that if "-p udp --dport 27960" matches, it is already
more restrictive than "-m udp".
Could someone tell me when I would want to use "-m udp"? I searched a
bit and found a lot of scripts using it but didn't find anything that
explains it.

The following works for me (I don't need an OUTPUT rule in the nat
table):
iptables -A FORWARD -d <pc2-ip> -p udp --dport 30000 -j ACCEPT
iptables -t nat -A PREROUTING -d <inet-ip> -p udp --dport 27960 -j DNAT --to-destination <pc2-ip>:30000


Rob
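Added here as an illustration, not code from the thread: a small Python audit that parses iptables-save output and reports every nat PREROUTING DNAT target that has no matching FORWARD ACCEPT rule in the filter table, the pairing Rob's working rule set shows. The dump and its addresses are constructed, and the match is exact on destination host, protocol and port.

```python
import shlex

# Constructed iptables-save dump laid out like the one in the thread; the
# addresses are placeholders, not values from the original post.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 198.51.100.10/32 -p udp -m udp --dport 27960 -j DNAT --to-destination 192.168.1.20:30000
-A PREROUTING -d 198.51.100.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.30:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.20/32 -p udp -m udp --dport 30000 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, opts) for each '-A' line; opts maps option -> value."""
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            toks = shlex.split(line)
            opts, i = {}, 2
            while i < len(toks):
                # An option consumes the next token unless that token is another option.
                has_arg = i + 1 < len(toks) and not toks[i + 1].startswith("-")
                opts[toks[i]] = toks[i + 1] if has_arg else True
                i += 2 if has_arg else 1
            yield table, toks[1], opts

def unforwarded_dnat(dump):
    """Return 'host:port/proto' for each DNAT target lacking a FORWARD ACCEPT rule."""
    rules = list(parse_rules(dump))
    accepted = {
        (o.get("-d", "").split("/")[0], o.get("-p"), o.get("--dport"))
        for t, c, o in rules
        if t == "filter" and c == "FORWARD" and o.get("-j") == "ACCEPT"
    }
    missing = []
    for t, c, o in rules:
        if t == "nat" and c == "PREROUTING" and o.get("-j") == "DNAT":
            host, _, port = o["--to-destination"].partition(":")
            port = port or o.get("--dport")  # no port in the target: original port is kept
            if (host, o.get("-p"), port) not in accepted:
                missing.append(f"{host}:{port}/{o.get('-p')}")
    return missing
```

Run it against `iptables-save` output of a real box to list the forwards whose packets would be rewritten by the nat table but dropped by a default-DROP FORWARD chain.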
