Re: iptables dnat to loopback

On August 8, 2004 04:41 am, David Cannings wrote:
> On Sunday 08 August 2004 07:17, Damian atabria wrote:
> > :o( no luck.
> >
> > I even tried -F ing INPUT, FORWARD, OUTPUT, PREROUTING and POSTROUTING
> > before adding the rule, (all policies set to ACCEPT) and still no luck!
> > Forwarding is enabled,
> > net.ipv4.conf.all.forwarding = 1
> > net.ipv4.ip_forward = 1
> > and still the packets are going nowhere... however giving
> > the loopback an alias with an ip address of, say, 200.136.136.136
> > works... so why can't I route to 127.0.0.x? Is there anything
> > else I should check/add?
>
> You can't send packets from non 127/8 addresses to 127/8.  The kernel
> filters them out and drops them as it considers them "martians".
>
> David

	Okay --- 
	   If I'm following this thread correctly then, 
	
	we need two rules to manage this ... both Destination and Source Natting 
these packets ... 
	My question is ..... 
	As I understand things DNAT is done in PREROUTING and SNAT is done in 
POSTROUTING .. 

	I can set up 
	
	iptables -I PREROUTING -t nat -p TCP -s 192.168.0.2 -d 10.1.105.45 --dport 3306 -j DNAT --to 127.0.0.1
and (since nat postrouting FOLLOWS nat prerouting) 
	iptables -I POSTROUTING -t nat -p TCP -s 192.168.0.2 -d 127.0.0.1 --dport 3306 -j SNAT --to 127.0.0.1

	But I don't believe that this will solve the above problem of the /drop 
martians/ behaviour.

	Any comments folks?

	Alistair Tonner
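
Added example, not part of the original message or of netfilter: a small Python model of the order in which an inbound packet meets the nat chains and the routing decision, run against the two rules above and against the loopback-alias case from the quoted post. The class and function names, the alias rule and the `route_localnet` flag (a per-interface sysctl in later kernels, not mentioned in this thread) are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, replace

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class NatRule:
    chain: str   # "PREROUTING" rewrites dst (DNAT), "POSTROUTING" rewrites src (SNAT)
    src: str
    dst: str
    dport: int
    to: str

def is_loopback(addr):
    return ipaddress.ip_address(addr) in LOOPBACK

def apply_nat(chain, rules, pkt):
    """Apply the first rule of the chain that matches the packet as it looks now."""
    for r in rules:
        if r.chain == chain and (r.src, r.dst, r.dport) == (pkt.src, pkt.dst, pkt.dport):
            return replace(pkt, dst=r.to) if chain == "PREROUTING" else replace(pkt, src=r.to)
    return pkt

def traverse(pkt, rules, local_addrs, route_localnet=False):
    """Return (verdict, packet, chains visited) for a packet arriving on a NIC."""
    visited = ["PREROUTING"]
    pkt = apply_nat("PREROUTING", rules, pkt)
    # The routing decision runs after PREROUTING and before every other chain;
    # this is where a 127/8 source or destination is dropped as a martian.
    if not route_localnet and (is_loopback(pkt.src) or is_loopback(pkt.dst)):
        return "DROP martian", pkt, visited
    if pkt.dst in local_addrs or is_loopback(pkt.dst):
        visited.append("INPUT")   # local delivery never traverses POSTROUTING
        return "LOCAL", pkt, visited
    visited += ["FORWARD", "POSTROUTING"]
    return "FORWARD", apply_nat("POSTROUTING", rules, pkt), visited

# Constructed inputs: the two rules from the message, plus a DNAT to the alias address.
RULES = [NatRule("PREROUTING", "192.168.0.2", "10.1.105.45", 3306, "127.0.0.1"),
         NatRule("POSTROUTING", "192.168.0.2", "127.0.0.1", 3306, "127.0.0.1")]
ALIAS_RULES = [NatRule("PREROUTING", "192.168.0.2", "10.1.105.45", 3306, "200.136.136.136")]
LOCAL = {"10.1.105.45", "200.136.136.136"}
PKT = Packet("192.168.0.2", "10.1.105.45", 3306)
```

In this model the packet is dropped with only PREROUTING visited, so the SNAT rule is never consulted, while the alias rule delivers locally. With `route_localnet=True` the packet is delivered to 127.0.0.1 with its original source, which makes a service bound only to loopback reachable from the network.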

