Re: DNATing packets sent to the NATing box

> I've a system that at its core has a UDP proxy that's the performance
> bottleneck. I wanted to use the DNAT kernel facilities to replace my
> code with the very tuned one on netfilter.

> I'm adding a rule that says something like this:
> /sbin/iptables -t nat -A PREROUTING -d myip -p udp -m udp --dport 5000 -j DNAT
> 		--to-destination otherip:18918
> but the rule never sees the packets (they never got to the chain)

> I assume that it's because I've a socket listening on udp:5000, and it seems
> reasonable what's happening... I'd like to add a PREPREROUTING chain that
> is processed before deciding if the packet is for a local socket, can somebody
> give me a hint on where to look for it?

Thanks to everybody who helped. I've just written a new mangle target that
does the translation and it's working great.

Saludos,
					HoraPe
---
Horacio J. Peña
horape@xxxxxxxxxxxxxxxxx
horape@xxxxxxxxxx


