i have the following rules in nat/PREROUTING:
Chain PREROUTING (policy ACCEPT 89 packets, 5600 bytes)
 pkts bytes target prot opt in  out source   destination
    0     0 DNAT   tcp  --  any any anywhere anywhere    tcp dpt:webcache to:10.0.6.6:80
    0     0 DNAT   tcp  --  any any anywhere anywhere    tcp dpt:domain to:10.0.6.5
    3   193 DNAT   udp  --  any any anywhere anywhere    udp dpt:domain to:10.0.6.5
i guess the third one might be the one that is doing the wrong job.
although, it should only alter incoming packets on port 53 to my external ip
so that they go to the internal box which is running the dns server. it
should not touch the source address which will become the destination
address of the dns replies. or am i wrong?
thanks for now!
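
Added example, not part of the original post: a small Python model of how the three listed rules are matched against the first packet of a flow, comparing them with a variant whose destination column is narrowed to the external address. The external address 203.0.113.10, the interface names eth0/eth1, the outside hosts and the "restricted" variant are assumptions made up for the illustration.

```python
import ipaddress
import re

# Rule rows copied from the listing in the post, each rejoined onto one line.
LISTED = """\
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:webcache to:10.0.6.6:80
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:domain to:10.0.6.5
3 193 DNAT udp -- any any anywhere anywhere udp dpt:domain to:10.0.6.5
"""
EXTERNAL_IP = "203.0.113.10"   # constructed placeholder for the external address
# Hypothetical variant: the same rows with the destination column narrowed.
RESTRICTED = LISTED.replace("anywhere anywhere", "anywhere " + EXTERNAL_IP)
SERVICES = {"webcache": 8080, "domain": 53}  # port names as printed without -n


def parse_rules(listing):
    """Turn `iptables -t nat -L -v` style rows into match dictionaries."""
    def net(s):
        return ipaddress.ip_network("0.0.0.0/0" if s == "anywhere" else s)
    rules = []
    for row in listing.splitlines():
        f = row.split()
        dpt = re.search(r"dpt:(\S+)", row).group(1)
        rules.append({"proto": f[3], "in": f[5], "src": net(f[7]), "dst": net(f[8]),
                      "dport": SERVICES[dpt] if dpt in SERVICES else int(dpt),
                      "to": re.search(r"to:(\S+)", row).group(1)})
    return rules


def prerouting(rules, pkt):
    """DNAT target of the first rule matching the first packet of a flow, else None."""
    for r in rules:
        if (r["proto"] == pkt["proto"] and r["in"] in ("any", pkt["in"])
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and r["dport"] == pkt["dport"]):
            return r["to"]
    return None


# Constructed packets; interface names and the outside addresses are assumptions.
INBOUND = {"proto": "udp", "in": "eth0", "src": "198.51.100.7",
           "dst": EXTERNAL_IP, "dport": 53}      # outside client -> external ip
OUTBOUND = {"proto": "udp", "in": "eth1", "src": "10.0.6.5",
            "dst": "192.0.2.53", "dport": 53}    # internal box -> outside server

if __name__ == "__main__":
    for name, listing in (("listed", LISTED), ("restricted", RESTRICTED)):
        rules = parse_rules(listing)
        for label, pkt in (("inbound", INBOUND), ("outbound", OUTBOUND)):
            print(f"{name:10} {label:8} -> {prerouting(rules, pkt)}")
```

The model covers only rule matching in nat/PREROUTING; replies belonging to an already translated flow are handled by connection tracking and do not traverse these rules again.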