Le lun 15/09/2003 à 15:09, Ray Leach a écrit : > I think that the aliases on the interface have something to do with it. Nope. When you DNAT an IP address that does not belong to your DNATing box, there won't be anybody to answer prior router ARP requests on it, unless you either set an alias up or tell this router that the IP as to get routed through the DNATing box. > I have had to add input and output rules in some situations to get DNAT > to work the way it is supposed to (redirect to a different destination). > It is strange. Yes it is. I can get DNAT working without specifying any INPUT or OUTPUT chain. Can you illustrate a situation for which you have to specify INPUT and OUTPUT rules ? -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
