I've a system that at its core has an UDP proxy that's the performance bottleneck. I wanted to use the DNAT kernel facilities to replace my code with the very tuned one on netfilter. I'm adding a rule that says something like this: /sbin/iptables -t nat -A PREROUTING -d myip -p udp -m udp --dport 5000 -j DNAT --to-destination otherip:18918 but the rule never see the packets (they never got to the chain) I assume that it's because I've a socket listening on udp:5000, and it seems reasonable what's happening... I'd like to add a PREPREROUTING chain that is processed before deciding if the packet is for a local socket, can somebody give me a hint on where to look for it? Saludos, HoraPe --- Horacio J. Peņa horape@xxxxxxxxxxxxxxxxx horape@xxxxxxxxxx
