On Wednesday 04 August 2004 8:10 am, Raido Kurel wrote:

> > Do you have a FORWARD rule allowing packets through to aaa.aaa.aaa.13
> > after they've been NATted?
>
> Yes.
> Also packets from Internet to aaa.aaa.aaa.13 reach destination.
> I am more worried about fact, that
> -t nat -A PREROUTING -j DNAT ...
> and then
> -t nat -A PREROUTING -j LOG ...
> does not log anything. Without the first rule logging works.

That's because the DNAT target does not return to the chain. The LOG target is almost the only target I can think of which *does* return back to the chain for further processing - all other targets are the "final outcome" for the packet.

Put the two rules the other way round and you'll get both LOGging and DNATting.

Regards,

Antony.

-- 
Most people are aware that the Universe is big.

 - Paul Davies, Professor of Theoretical Physics

Please reply to the list; please don't CC me.
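The rule-ordering point from this reply, as an added example that is not part of the original message: a small check over `iptables-save` output that reports logging rules placed after a terminating rule with the same match in the same chain. The addresses, port, log prefix and helper names are constructed for illustration, and the check is deliberately conservative (it compares match tokens exactly, so a broader earlier match is only caught when it is empty).

```python
import shlex

# Targets that end chain traversal for a packet that matches the rule.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "DNAT", "SNAT", "MASQUERADE", "REDIRECT"}
# Logging targets that hand the packet back to the chain afterwards.
LOGGING = {"LOG", "NFLOG", "ULOG"}

# Constructed sample rules (documentation addresses, not from the thread).
MATCH = "-d 203.0.113.10/32 -p tcp -m tcp --dport 80"
DNAT_RULE = f"-A PREROUTING {MATCH} -j DNAT --to-destination 192.0.2.13:80"
LOG_RULE = f'-A PREROUTING {MATCH} -j LOG --log-prefix "pre-dnat: "'

def nat_dump(*rules):
    """Wrap rules in a minimal iptables-save style nat table dump."""
    return "*nat\n:PREROUTING ACCEPT [0:0]\n" + "\n".join(rules) + "\nCOMMIT\n"

BROKEN_ORDER = nat_dump(DNAT_RULE, LOG_RULE)  # DNAT first: LOG never fires
FIXED_ORDER = nat_dump(LOG_RULE, DNAT_RULE)   # LOG first: both happen

def parse_rules(dump):
    """Yield (table, chain, match_tokens, target) for every -A line."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tokens = shlex.split(line)  # keeps quoted log prefixes together
            if "-j" not in tokens[:-1]:
                continue
            j = tokens.index("-j")
            yield table, tokens[1], tuple(tokens[2:j]), tokens[j + 1]

def shadowed_log_rules(dump):
    """Return logging rules that an earlier terminating rule makes unreachable."""
    terminating_matches = {}  # (table, chain) -> matches of terminating rules seen
    findings = []
    for table, chain, match, target in parse_rules(dump):
        key = (table, chain)
        if target in TERMINATING:
            terminating_matches.setdefault(key, []).append(match)
        elif target in LOGGING:
            earlier = terminating_matches.get(key, [])
            # Same match, or an earlier rule with no match at all (catches everything).
            if any(m == match or m == () for m in earlier):
                findings.append((table, chain, " ".join(match), target))
    return findings

if __name__ == "__main__":
    print("DNAT before LOG:", shadowed_log_rules(BROKEN_ORDER))
    print("LOG before DNAT:", shadowed_log_rules(FIXED_ORDER))
```
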