On Thursday 04 December 2003 12:21 pm, sc2@xxxxxx wrote:

> hello
> when i want forward ip
> to
> ip. (.51 > 58)
> iptables -A PREROUTING -p tcp -d xx.xxx.xx.51 --dport 27021 -j DNAT --to
> xx.xxx.xx.58:27021

You cannot "forward" packets from one machine to another when they live on the same subnet (I assume that both xx.xxx.xx. in the above rule are the same), because the packets will not go through the netfilter machine. They simply go direct from client to server and back again across the wire.

Netfilter can only influence packets which are being *routed through* the box it is running on (or which start or stop on the box itself) - ie from one subnet to another.

Antony.

-- 
Success is a lousy teacher. It seduces smart people into thinking they can't lose.

 - William H Gates III

Please reply to the list; please don't CC me.
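The routing condition described in this reply, as an added example that is not part of the original message: a small Python check of whether a packet from a client ever reaches the netfilter box, and so whether a PREROUTING DNAT rule there can match it. The function name `packet_reaches_box`, the single-default-gateway model and the 192.0.2.x / 198.51.100.x documentation addresses are assumptions made for illustration.

```python
import ipaddress


def packet_reaches_box(client_if, dest, box_addrs, client_gateway):
    """Return (seen, reason) for a packet sent by the client to dest.

    client_if      -- client address with prefix, e.g. "192.0.2.10/24"
    dest           -- destination address the client connects to
    box_addrs      -- addresses configured on the netfilter box
    client_gateway -- the client's default gateway (assumed to be its only route)
    """
    client = ipaddress.ip_interface(client_if)
    target = ipaddress.ip_address(dest)
    box = {ipaddress.ip_address(a) for a in box_addrs}
    gateway = ipaddress.ip_address(client_gateway)

    # Traffic that stops on the box itself always hits its PREROUTING chain.
    if target in box:
        return True, "addressed to the box itself"
    # Same subnet: the client resolves the destination on the local wire
    # and delivers directly, so the box never handles the packet.
    if target in client.network:
        return False, "on-link destination, delivered directly"
    # Different subnet: the packet goes to the gateway; the box sees it
    # only if the box is that gateway.
    if gateway in box:
        return True, "routed through the box"
    return False, "routed through a different gateway"


if __name__ == "__main__":
    # Constructed scenarios; host parts .51 and .58 mirror the quoted rule.
    cases = [
        ("192.0.2.10/24", "192.0.2.51", ["192.0.2.1"], "192.0.2.1"),
        ("198.51.100.7/24", "192.0.2.51",
         ["198.51.100.1", "192.0.2.1"], "198.51.100.1"),
        ("192.0.2.10/24", "192.0.2.51", ["192.0.2.51"], "192.0.2.1"),
    ]
    for case in cases:
        print(case[0], "->", case[1], packet_reaches_box(*case))
```

The first case is the same-subnet situation the reply assumes: the client talks to .51 directly, so a DNAT rule on a third machine never sees the packet.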