On Mon, Jan 06, 2003 at 12:39:35AM +1300, Ian Batterbee wrote: > Chain PREROUTING (policy ACCEPT 16 packets, 1278 bytes) > pkts bytes target prot opt in out source > destination > 26 1248 NOTHING tcp -- eth0 any anywhere > 192.168.0.0/24 tcp dpt:www > 28 1344 REDIRECT tcp -- eth0 any anywhere > !x.x.0.0/16 tcp dpt:www redir ports 3128 > > Chain POSTROUTING (policy ACCEPT 29 packets, 1892 bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 24 packets, 1638 bytes) > pkts bytes target prot opt in out source > destination > > Chain NOTHING (1 references) > pkts bytes target prot opt in out source > destination I *think* your problem is that the NOTHING chain is empty, so at the end of it it just returns to the calling chain. Why not just simply -j ACCEPT on the rule in PREROUTING? That should stop it processing any further down the PREROUTING for packets with that destination. -Ath -- - Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/ Finger athan(at)fysh.org for PGP key "And it's me who is my enemy. Me who beats me up. Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
Attachment:
pgp00245.pgp
Description: PGP signature
