On Monday 09 August 2004 12:19 pm, Payal Rathod wrote:
> On Mon, Aug 09, 2004 at 11:55:10AM +0100, Antony Stone wrote:
>
> > DNAT in PREROUTING only works for packets being routed through the
> > machine. Squid is a local process sending packets out through OUTPUT,
> > therefore you need to DNAT in the OUTPUT nat table to let Squid connect
> > to this address.
>
> Ok. I never knew that. Can you please give an small example on how to
> DNAT my scene in OUTPUT nat table ?
Exactly the same as your extisting PREROUTING rule, but you put it in the
OUTPUT chain instead (still in the nat table):
iptables -A OUTPUT -t nat -d 1.2.3.4 -p tcp --dport 25 -j DNAT --to 10.10.10.2
Regards,
Antony.
--
You can spend the whole of your life trying to be popular,
but at the end of the day the size of the crowd at your funeral
will be largely dictated by the weather.
- Frank Skinner
Please reply to the list;
please don't CC me.
