dnat problem in transparent firewall

Sorry about not being in the thread. I just subscribed and can see the message
only in the archive...

> > Needs:
> > To change the destination IP of some packets coming from the Internet, i.e. to
> > change the destination IP from aaa.aaa.aaa.12 to aaa.aaa.aaa.13
...
> > iptables -t nat -A PREROUTING -d aaa.aaa.aaa.12 -j DNAT --to-dest
> > aaa.aaa.aaa.13
>
> Do you have a FORWARD rule allowing packets through to aaa.aaa.aaa.13 after 
> they've been NATted?

Yes.
Also, packets from the Internet to aaa.aaa.aaa.13 reach the destination.
I am more worried about the fact that
-t nat -A PREROUTING -j DNAT ...
and then
-t nat -A PREROUTING -j LOG ...
does not log anything. Without the first rule, logging works.
I thought that -j DNAT should pass the packet to the next nat PREROUTING rule for
logging. According to http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
the packet should next go to the ebtables filter table input or forward chains, but
nothing reaches there in the case of the iptables -t nat -A PREROUTING -j DNAT
rule.

Raido
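
The rule order described in the message above (a LOG rule appended after a DNAT rule with the same match) can be checked mechanically: in iptables, DNAT is a terminating target, so a matching packet leaves the chain there, while LOG is non-terminating. The following is an added example, not part of the original post; the function name, the 192.0.2.x addresses and both sample rulesets are constructed, and comparing match text for exact equality is a simplification.

```shell
#!/bin/sh
# Added example: scan iptables-save output for rules that can never match
# because an earlier rule in the same chain has the same match text (or no
# match at all) and a terminating target. Prints "table/chain: rule".
find_shadowed_rules() {
    awk '
    /^\*/      { table = substr($0, 2); next }   # "*nat" opens a table
    $1 != "-A" { next }                          # skip chain, COMMIT, comment lines
    {
        chain = $2; match_part = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" || $i == "-g") { target = $(i + 1); break }
            match_part = match_part " " $i
        }
        key = table "/" chain
        # Shadowed: an earlier terminating rule had this match, or matched everything.
        if ((key, match_part) in term || (key, "") in term)
            print key ": " $0
        # Targets that end traversal of the chain for a matching packet.
        if (target ~ /^(ACCEPT|DROP|REJECT|DNAT|SNAT|MASQUERADE|REDIRECT|RETURN)$/)
            term[key, match_part] = 1
    }'
}

# Constructed sample: the order from the post, DNAT first, LOG second.
SAMPLE_RULES='*nat
-A PREROUTING -d 192.0.2.12/32 -j DNAT --to-destination 192.0.2.13
-A PREROUTING -d 192.0.2.12/32 -j LOG --log-prefix "after-dnat: "
COMMIT'

# Constructed sample: LOG placed before DNAT, so both rules see the packet.
FIXED_RULES='*nat
-A PREROUTING -d 192.0.2.12/32 -j LOG --log-prefix "pre-dnat: "
-A PREROUTING -d 192.0.2.12/32 -j DNAT --to-destination 192.0.2.13
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | find_shadowed_rules
```

On a live system the input would be the output of `iptables-save`. The nat table is also consulted only for the first packet of each connection, so a LOG rule there records new connections rather than every packet.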