You may need a bridge patch to make iptables work on a bridge... not 100% sure but that might be it.
A bridge links 2 network cards together basically, so it listens and learns ARP addresses on each side and basically proxies the ARP to link the 2 sides of the machine together, making it almost 100% transparent... I was told years ago that it bypasses the packet filtering because of this.
But that was years ago and I've been told since that there are patches to enable the filtering, but I don't know much more than that.
Hope that's some info for you.
Thanks,
George Vieira
Citadel Computer Systems Pty Ltd
-----Original Message-----
From: subramanya [mailto:angeeras@xxxxxxxxxxxxx]
Sent: Tuesday, June 03, 2003 2:25 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: help regarding DNAT

I am a student doing my final year engineering project work.
I am faced with a problem: I want to DNAT all the packets and I am using the following command:

iptables -t nat -I PREROUTING -p ALL -j DNAT -s xx.xx.xx.xx -d yy.yy.yy.yy --to-destination zz.zz.zz.zz

This works fine on a router, but it does not work on a machine that acts as a bridge. The packets that are entering the PREROUTING chain are lost in that chain.
What could the problem be? Please help.