On Tuesday 20 April 2004 17:33, udo wrote: > $path_iptables -t nat -A PREROUTING -p tcp -i $ext_if > -s 0/0 -d $ext_ip --dport 222 -j DNAT --to > 127.0.0.1:22 > How can I make the sshd (attached to loopback) work > without `martian destination` messages for packets > destined for port 22? Please see my lengthly post about this from last month. Due to the way the martian checking code in the kernel is written, I do not think this is possible. http://lists.netfilter.org/pipermail/netfilter/2004-March/051615.html Hopefully somebody can prove this wrong, I hope that post helps you. David
