Re: DNATing packets sent to the NATing box


On Sat, 2003-12-13 at 19:52, horape@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> I've a system that at its core has a UDP proxy that's the performance
> bottleneck. I wanted to use the DNAT kernel facilities to replace my
> code with the very tuned one on netfilter.
> 
> I'm adding a rule that says something like this:
> 
> /sbin/iptables -t nat -A PREROUTING -d myip -p udp -m udp --dport 5000 -j DNAT \
> 		--to-destination otherip:18918

Try:

/sbin/iptables -t nat -A PREROUTING -d myip -p udp --dport 5000 -j DNAT --to otherip:18918

And ensure you are letting traffic for -d otherip -p udp --dport 18918
through the FORWARD chain.

> but the rule never sees the packets (they never got to the chain)
> 
> I assume that it's because I've a socket listening on udp:5000, and it seems

Nope.

> reasonable what's happening... I'd like to add a PREPREROUTING chain that
> is processed before deciding if the packet is for a local socket, can somebody
> give me a hint on where to look for it?

If it's for local, it can be seen in Mangle Prerouting, then Nat
Prerouting, then Mangle Input, then Filter Input.

> Saludos,
> 					HoraPe
> ---
> Horacio J. Pea
> horape@xxxxxxxxxxxxxxxxx
horape@xxxxxxxxxx

j
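
One way to apply the two rules from the reply and check which of the chains it names the packets actually reach, as an added example that is not part of the original message. The addresses 192.0.2.10 and 192.0.2.20 are constructed stand-ins for myip and otherip, the function names are hypothetical, and the commands are only printed unless IPT is set to the real binary.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed (TEST-NET-1)
# stand-ins for "myip" and "otherip"; the function names are hypothetical.
MYIP="${MYIP:-192.0.2.10}"
OTHERIP="${OTHERIP:-192.0.2.20}"
# Dry run by default: commands are printed. Set IPT=/sbin/iptables (as root) to apply.
IPT="${IPT:-echo /sbin/iptables}"

# The DNAT rule from the reply, plus the FORWARD accept it asks for.
dnat_rules() {
    $IPT -t nat -A PREROUTING -d "$MYIP" -p udp --dport 5000 \
        -j DNAT --to "$OTHERIP:18918"
    $IPT -A FORWARD -d "$OTHERIP" -p udp --dport 18918 -j ACCEPT
}

# Rules without a target only count packets. These sit in the chains the
# reply lists for locally delivered traffic. If mangle INPUT counts packets
# for $MYIP:5000, they were not rewritten and went to the local socket.
probe_rules() {
    $IPT -t mangle -I PREROUTING -d "$MYIP" -p udp --dport 5000
    $IPT -t mangle -I INPUT -d "$MYIP" -p udp --dport 5000
    $IPT -I INPUT -d "$MYIP" -p udp --dport 5000
}

# Per-rule packet counters in traversal order. The nat table is consulted
# only for the first packet of a tracked flow, so its counter rises once per
# flow; a rising FORWARD counter shows the rewritten packets being routed on.
show_counters() {
    $IPT -t mangle -L PREROUTING -v -n -x
    $IPT -t nat -L PREROUTING -v -n -x
    $IPT -t mangle -L INPUT -v -n -x
    $IPT -L INPUT -v -n -x
    $IPT -L FORWARD -v -n -x
}

# "sh script.sh run" executes all three steps; sourcing just defines them.
if [ "${1:-}" = run ]; then
    dnat_rules && probe_rules && show_counters
fi
```

Send a few test datagrams to port 5000 between `probe_rules` and `show_counters`, then compare the counters chain by chain.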



