On Wed, 22 Oct 2003, Evan Harris wrote:

> According to the documentation for iptables, it appears that the OUTPUT
> chain on the nat table should happen before the routing decision is made,
> but that appears to not be the case. Is this a bug, or are the docs wrong?
> And if the docs are wrong, what is the correct way to accomplish this?
>
> I am using a stock linux kernel 2.4.20, with iptables 1.2.8.

Is your kernel patched with p-o-m from iptables 1.2.8, or is it really a
stock 2.4.20 kernel without any patches?

You might want to try upgrading with at least the current p-o-m patches.
There have been numerous fixes to NAT of local traffic not too long ago.

Also make sure you have the kernel option for NAT of local traffic enabled.

Regards
Henrik