To monitor what is going on you could always mark the packets and log them going through the system, no? I thought you could always drop the 'lo' interface and bind 127.0.0.1 to another inter face, but apparently that gives me an error every time I try to connect to it. I use 2.4.18 kernel and iproute2. You could try that, but I am not sure that it will do any good. Is this a constraint in the kernel for security, or just something wonky with my setup? -----Original Message----- From: Henry Ritzlmayr [mailto:h.ritzlmayr@xxxxxx] Sent: Friday, March 21, 2003 8:58 AM To: Netfilter Mailing List Subject: Re: Redirecting incoming traffic to 127.0.0.1 SNAT ist only valid in the POSTROUTING chain. But even that didn´t do the trick. Do you know any way to check what really happens with the packet since tcpdump only shows it before natting? If there is no tool/command or anything like that - than it looks like I
