> I have a rather busy server box hosting several web
> sites in separate independent installation directories,
> which means several apache, mysql and tomcat installations
> running simultaneously, with each mysql instance binding
> a port in the loopback interface.
>
> So, while this iptables rule does work for port forwarding
> to another host:
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -m multiport \
> --dports mysql -j DNAT --to some.other.host
>
> changing "some.other.host" to 127.0.0.1 doesn't work
> as expected, and packets seem to be dropped altogether.
> Using tcpdump I can see packets reaching eth0, but
> never reaching loopback.

The target used for this is REDIRECT. From "man iptables":

   REDIRECT
       This target is only valid in the nat table, in the PREROUTING and
       OUTPUT chains, and user-defined chains which are only called from
       those chains. It alters the destination IP address to send the
       packet to the machine itself (locally-generated packets are mapped
       to the 127.0.0.1 address). It takes one option:

       --to-ports port[-port]

HTH...

-j
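As an added illustration of the REDIRECT target described in the reply (this is not code from the thread or from the iptables project), the script below generates an iptables-restore fragment that sends inbound MySQL connections on eth0 to a local port with REDIRECT --to-ports instead of DNAT to 127.0.0.1, and pairs it with filter rules that limit who can reach the redirected port. The interface eth0, the destination port 3306, the local port 3307 and the admin network 192.0.2.0/24 are constructed placeholder values, not taken from the original message.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list thread.
# Builds an iptables-restore fragment: the nat table uses REDIRECT to deliver
# inbound MySQL traffic to a local port; the filter table restricts the source.
# Placeholders (constructed, not from the thread): eth0, 3306, 3307, 192.0.2.0/24.

# nat table: REDIRECT rewrites the destination address to the primary address
# of the incoming interface (in PREROUTING) or to 127.0.0.1 (in OUTPUT);
# --to-ports selects the local port, so no "--to 127.0.0.1" is involved and the
# packet is not discarded the way a DNAT to loopback from eth0 is.
mysql_redirect_rules() {
    iface=$1; dport=$2; to_port=$3
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        "-A PREROUTING -i $iface -p tcp -m tcp --dport $dport -j REDIRECT --to-ports $to_port" \
        'COMMIT'
}

# filter table: the INPUT chain sees the post-NAT destination port, so match
# on the redirected port; accept only the admin network and drop the rest,
# because REDIRECT otherwise exposes a listener that was meant to be local.
mysql_filter_rules() {
    iface=$1; to_port=$2; allowed_src=$3
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        "-A INPUT -i $iface -p tcp -m tcp --dport $to_port -s $allowed_src -j ACCEPT" \
        "-A INPUT -i $iface -p tcp -m tcp --dport $to_port -j DROP" \
        'COMMIT'
}

# Combine both tables into a single iptables-restore input.
# Arguments: interface, external port, local port, allowed source network.
build_ruleset() {
    mysql_redirect_rules "$1" "$2" "$3"
    mysql_filter_rules "$1" "$3" "$4"
}

# Usage (as root): build_ruleset eth0 3306 3307 192.0.2.0/24 | iptables-restore -n
# -n (--noflush) keeps the rules already loaded in other chains.
```

Two caveats worth checking before relying on this: in PREROUTING, REDIRECT sends the packet to the primary address of the incoming interface, not to 127.0.0.1, so a MySQL instance bound only to the loopback address will still not answer; it has to listen on that interface address (or on all addresses, with the filter rules above doing the access control). Separately, the original DNAT-to-127.0.0.1 attempt fails because the kernel refuses to route a packet arriving on a non-loopback interface to a loopback destination; recent kernels (3.6 and later) can relax this per interface with the net.ipv4.conf.eth0.route_localnet sysctl, which is a wider change than REDIRECT and should be reviewed against the host's other rules before enabling.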