On December 14, 2003 07:32 am, horape@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:

<< SNIPPAGE >>

> > that they go to another machine, or else divert packets which would have
> > gone somewhere else, so that they are accepted locally.
> >
> > You say the rule never sees the packets... how do you know this? Are
> > you looking at the packet / byte counters, and they stay at zero all the
> > time?
>
> Yes, and I've added a rule like this:
>
> /sbin/iptables -t nat -A PREROUTING -j LOG
>
> and don't see the packets.

Ummmm if you ADD the rule above after the rule that is re-routing the packet, no ... you won't see the packets.

Try iptables -t nat -I PREROUTING (line number)
where (line number) is less than the line on which your DNAT line occurs.
(see iptables -t nat -L --line-numbers -v )

Alistair Tonner
(sadly missing a .sig file these days...)

> > You also say you have a local process listening on port 5000 - is that
> > getting any packets and responding to them, even with above rule in
> > place?
>
> Yes, it continues getting the packets.
>
> Saludos,
> HoraPe
> ---
> Horacio J. Peña
> horape@xxxxxxxxxxxxxxxxx
> horape@xxxxxxxxxx
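
Added example, not part of the original message: a small shell helper for the advice above. It reads the nat PREROUTING rules in `iptables -S` format, finds the position of the first DNAT or REDIRECT rule, and prints the `-I` command that places a LOG rule ahead of it. The function names, the log prefix and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Nothing here changes the firewall:
# the functions only read a rule listing and print a command for review.

# Constructed sample of `iptables -t nat -S PREROUTING` output.
# The LOG rule was appended with -A, so it sits after the DNAT rule.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 5000 -j DNAT --to-destination 192.0.2.10:5000
-A PREROUTING -j LOG'

# Print the rule number of the first DNAT/REDIRECT rule read from stdin.
# Rule numbers count only "-A PREROUTING" lines, matching --line-numbers.
# Exit status 1 if the chain has no such rule.
first_dnat_rule() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "DNAT" || $(i+1) == "REDIRECT")) {
                    print n; found = 1; exit
                }
        }
        END { if (!found) exit 1 }
    '
}

# Print the command that inserts a LOG rule at that position, which pushes
# the DNAT rule down by one so the LOG rule is evaluated first.
# With no DNAT rule present, position 1 (top of the chain) is used.
log_insert_cmd() {
    pos=$(first_dnat_rule) || pos=1
    printf 'iptables -t nat -I PREROUTING %s -j LOG --log-prefix "nat-pre: "\n' "$pos"
}

# Demo on the constructed sample. On a live host (as root) use instead:
#   iptables -t nat -S PREROUTING | log_insert_cmd
printf '%s\n' "$SAMPLE_RULES" | log_insert_cmd
```

Because the nat table is consulted only for the first packet of each connection, the LOG rule and its counters reflect new connections, not every packet.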