There was a problem in the old days where NAT for OUTPUT was broken. Not sure if this is the same case still or not. If so, then you'll need to use the -p-o-m patch to fix the problem and it'll work.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698

-----Original Message-----
From: Fox [mailto:admin@xxxxxxxxxxx]
Sent: Wednesday, July 02, 2003 8:57 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: OUTPUT chain DNAT problem

Hi.

I'm having problems with rewriting outgoing packets. I've specified the following rule:

    iptables -t nat -A OUTPUT -d 10.0.0.2 -j DNAT --to-destination 192.168.0.2

When I ping 10.0.0.2 I get them rewritten (I check it with tcpdump and get stats with `iptables -t nat -L -v -n`). But when an application sends a packet to 10.0.0.2 it's not rewritten. I can't understand why.

I need to do the following thing:

       A               B                C
    10.0.0.2 ---> 192.168.0.1 ---> 192.168.0.2

A sends requests to B and B replies to A. But I want those replies to go to C and only C.

Your help is appreciated.

thanks.
fox