Re: Not forwarding?

On Mon, 29 Mar 2004 22:42:16 +0100,
Someone named Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Monday 29 March 2004 9:26 pm, Cody Harris wrote:
> 
> > It works once I ran this:
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22 -j DNAT --to 192.168.0.2:22
> >
> > Why did I need that? Do I still need my other rules? (in my filter -
> > forward chain)?
> 
> You need a PREROUTING nat rule if you want the firewall to change the 
> destination address where the packets are going to.

Oh, I get it. But if I didn't re-route the packet it would just go to this computer like it was? So I needed to preroute the packets to the correct box, right?

> 
> You need a FORWARD filter rule to allow the packets through the firewall 
> (whether it's changed the destination address or not).

So the forward rule filters the packets that are forwarded. It's not the part that makes the routing decision, like pre and postrouting are?

> 
> Regards,
> 
> Antony.
> 
> -- 
> The first fifty percent of an engineering project takes ninety percent of the 
> time, and the remaining fifty percent takes another ninety percent of the 
> time.
> 
>                                                      Please reply to the list;
>                                                            please don't CC me.
> 
> 


-- 
+------------------+-----------------------------+
| Cody Harris      | --------------------------- |
| ---------------- | --------------------------- |
+------------------+-------+---------------------+---+
| *Sigh*. No key.                                    |
+----------------------------------------------------+
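
The division of labour discussed in this message, as an added example that is not part of the original post: a simplified Python model of the order in which an incoming packet meets nat/PREROUTING, the routing decision, and filter/FORWARD. The firewall addresses (203.0.113.1, 192.168.0.1), the default-DROP FORWARD policy, and the form of the FORWARD rule are assumptions; the INPUT chain's own filtering is not modelled.

```python
# Simplified model of netfilter hook order for a packet arriving at the firewall.
# Constructed example: addresses, policy and the FORWARD rule are assumptions.
from dataclasses import dataclass, replace

FIREWALL_ADDRS = {"203.0.113.1", "192.168.0.1"}  # assumed local addresses

@dataclass(frozen=True)
class Packet:
    in_if: str
    proto: str
    dst: str
    dport: int

def prerouting_nat(pkt, dnat_rules):
    """nat/PREROUTING: the first matching DNAT rule rewrites the destination."""
    for r in dnat_rules:
        if (r["in_if"], r["proto"], r["dport"]) == (pkt.in_if, pkt.proto, pkt.dport):
            return replace(pkt, dst=r["to_ip"], dport=r["to_port"])
    return pkt

def forward_filter(pkt, rules, policy="DROP"):
    """filter/FORWARD: only permits or denies; it never changes where a packet goes."""
    for r in rules:
        if (r["proto"], r["dst"], r["dport"]) == (pkt.proto, pkt.dst, pkt.dport):
            return r["target"]
    return policy

def traverse(pkt, dnat_rules, forward_rules):
    """Return (chain that handled the packet, verdict, final destination)."""
    pkt = prerouting_nat(pkt, dnat_rules)          # 1. NAT runs before routing
    if pkt.dst in FIREWALL_ADDRS:                  # 2. routing decision
        return ("INPUT", "LOCAL", pkt.dst)         #    delivered to the firewall itself
    verdict = forward_filter(pkt, forward_rules)   # 3. filter sees the rewritten address
    return ("FORWARD", verdict, pkt.dst)

# The rule from the thread: -p tcp -i eth0 --dport 22 -j DNAT --to 192.168.0.2:22
DNAT = [{"in_if": "eth0", "proto": "tcp", "dport": 22,
         "to_ip": "192.168.0.2", "to_port": 22}]
# Assumed FORWARD rule; the poster's own filter rules are not shown in this message.
FWD = [{"proto": "tcp", "dst": "192.168.0.2", "dport": 22, "target": "ACCEPT"}]

SSH_IN = Packet("eth0", "tcp", "203.0.113.1", 22)  # constructed inbound SSH packet

if __name__ == "__main__":
    print(traverse(SSH_IN, [], FWD))    # no DNAT: stays on the firewall (INPUT)
    print(traverse(SSH_IN, DNAT, []))   # DNAT only: hits the FORWARD policy
    print(traverse(SSH_IN, DNAT, FWD))  # both rules: forwarded to 192.168.0.2
```

Note that the FORWARD rule has to match the post-DNAT address (192.168.0.2), because the filter chain runs after PREROUTING has already rewritten the destination.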

