On Wed, 2004-01-21 at 13:08, alok.shukla@xxxxxxxxxxx wrote:
> hi everybody ,,,
> I have a unique problem.
>
> I have created a rule in the prerouting chain in the nat table to DNAT
> every packet coming from 10.11.12.0/24 network to the webserver
> running on the local machine
>
> Now I want one of the IP from this pool to be exempted from this rule.
> I had put a rule in the mangle table so as to RETURN from prerouting
> chain.

You need to put the rule in the same chain, just above your other rule.

    iptables -t nat -A PREROUTING -i eth0 -p tcp -s 10.11.12.1 -j RETURN
    iptables -t nat -A PREROUTING -i eth0 -p tcp -s 10.11.12.0/24 -j DNAT --to 1.2.3.4

This works for me ...

> I think that this RETURN is not working. I would like to know the
> other ways I can make a machine exempted from the DNAT that is
> occurring.
>
> Kindly suggest
>
> Alok Shukla

--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
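An added example, not part of the original thread: a check over an iptables-save style dump that reports whether the RETURN exemption for a host sits in nat PREROUTING ahead of the DNAT rule, in nat but after it, or only in another table such as mangle, where RETURN ends traversal of that table's chain only and the packet still reaches the nat rules. The function name, status words and both dumps are constructed for illustration; the check assumes any DNAT rule in nat PREROUTING covers the host and does not follow user-defined chains.

```shell
#!/bin/sh
# exempt_status IP: read an iptables-save style dump on stdin and report
# where the RETURN exemption for IP sits relative to the DNAT rule.
exempt_status() {
    awk -v ip="$1" '
        /^\*/ { table = substr($0, 2); next }   # table header, e.g. *nat
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            hit = (tgt == "RETURN" && (src == ip || src == (ip "/32")))
            # A RETURN outside the nat table cannot skip the nat DNAT rule.
            if (table != "nat") { if (hit) elsewhere = 1; next }
            n++
            if (hit && !ret) ret = n
            if (tgt == "DNAT" && !dnat) dnat = n
        }
        END {
            if (ret && (!dnat || ret < dnat)) print "exempt"
            else if (ret) print "shadowed"        # DNAT matches first
            else if (elsewhere) print "wrong-table"
            else print "missing"
        }'
}

# Constructed dump: the layout from the reply (RETURN above DNAT, both in nat).
dump_fixed() { cat <<'EOF'
*nat
-A PREROUTING -s 10.11.12.1/32 -i eth0 -p tcp -j RETURN
-A PREROUTING -s 10.11.12.0/24 -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4
COMMIT
EOF
}
# Constructed dump: the layout from the question (RETURN placed in mangle).
dump_mangle() { cat <<'EOF'
*mangle
-A PREROUTING -s 10.11.12.1/32 -j RETURN
COMMIT
*nat
-A PREROUTING -s 10.11.12.0/24 -i eth0 -p tcp -j DNAT --to-destination 1.2.3.4
COMMIT
EOF
}
for d in dump_fixed dump_mangle; do
    printf '%s: %s\n' "$d" "$($d | exempt_status 10.11.12.1)"
done
```

On a live host the same function can be fed the output of iptables-save instead of the constructed dumps.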