On Sunday 02 May 2004 11:43 pm, Jee J.Z. wrote:

> Hi Antony,
>
> Oh, dear! I am making a lot of mistakes. The rules are as follows:
>
> iptables -F
> iptables -F -t nat
> iptables -I FORWARD -j QUEUE
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to global_ip
> iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 192.168.0.2
>
> The problem is that it seems icmp request destined to PC2 can be caught by
> the FORWARD chain, however, the icmp reply destined to PC2 is ignored by
> the FORWARD chain.

This may seem like a strange suggestion (however, it seems you are trying to do
something quite strange, I think...), but try putting the QUEUE target into the
mangle table instead of the filter table (mangle tables generally see more
packets than filter tables, because nothing 'magic' happens in the background,
causing packets to bypass them, which is the case with filter tables and nat
tables):

iptables -A FORWARD -t mangle -j QUEUE

Regards,

Antony.

-- 
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that it
was he who, by peddling second-rate technology, led them into it in the first
place.

 - Douglas Adams in The Guardian, 25th August 1995

Please reply to the list; please don't CC me.