Re: Bug/Problem with DNAT on OUTPUT chain (-t nat -A OUTPUT) that breaks routing? (fwd)

The PREROUTING chain is only traversed for packets being forwarded through a
host, not locally generated connections.  According to the docs, in order to
DNAT local conns, it must be done in the OUTPUT chain.

Evan


On Thu, 23 Oct 2003, Jeffrey Laramie wrote:

> Evan Harris wrote:
>
> >Ok, I've upgraded to kernel 2.4.22, and the same behaviour is being
> >exhibited.
> >
> >To recap the problem:
> >
> >Packets being nat'd on the OUTPUT chain of a machine are still being sent on
> >the same interface they would have without the nat, and ignoring the route
> >that aims them to the right iface for that dest addr.
> >
> >Evan
> >
> >
> >
>
> I haven't seen the rest of this thread, so I may have missed something,
> but why are you doing DNAT on the nat OUTPUT chain? DNAT is usually done
> on the nat PREROUTING chain and SNAT on the POSTROUTING chain. Anything
> done in filter OUTPUT, mangle POSTROUTING, or nat POSTROUTING could
> change the direction of your packets before they leave your host.
>
> Jeff
>
>
>


