Re: iptables dnat to loopback

On Sun, 08-08-2004 at 13:50 -0400, Alistair Tonner wrote:
> On August 8, 2004 04:41 am, David Cannings wrote:
> > On Sunday 08 August 2004 07:17, Damian Gatabria wrote:
> > > :o( no luck.
> > >
> > > I even tried -F ing INPUT, FORWARD, OUTPUT, PREROUTING and POSTROUTING
> > > before adding the rule, (all policies set to ACCEPT) and still no luck!
> > > Forwarding is enabled,
> > > net.ipv4.conf.all.forwarding = 1
> > > net.ipv4.ip_forward = 1
> > > and still the packets are going nowhere... however giving
> > > the loopback an alias with an ip address of, say, 200.136.136.136
> > > works... so why can't I route to 127.0.0.x? Is there anything
> > > else I should check/add?
> >
> > You can't send packets from non 127/8 addresses to 127/8.  The kernel
> > filters them out and drops them as it considers them "martians".
> >
> > David
> 
> 	Okay --- 
> 	   If I'm following this thread correctly then, 
> 	
> 	we need two rules to manage this ... both Destination and Source Natting 
> these packets ... 
> 	My question is ..... 
> 	As I understand things DNAT is done in PREROUTING and SNAT is done in 
> POSTROUTING .. 
> 
> 	I can setup 
> 	
> 	iptables -I PREROUTING -t nat -p TCP -s 192.168.0.2 -d 10.1.105.45 --dport 3306 -j DNAT --to 127.0.0.1
> and (since nat postrouting FOLLOWS nat prerouting) 
> 	iptables -I POSTROUTING -t nat -p TCP -s 192.168.0.2 -d 127.0.0.1 --dport 3306 -j SNAT --to 127.0.0.1
> 
> 	But I don't believe that this will solve the above problem of the /drop 
> martians/ behaviour.
> 
> 	Any comments folks?
> 
> 	Alistair Tonner

I'll try this when I get home, on my frankenstein box. I'll post
back later today.

Thank you all who replied.



-- 
Damian Gatabria <damian_g@xxxxxxxxxxxxx>
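
A check for the situation discussed in this thread, as an added example that is not part of any poster's message: it reads `iptables-save` output and lists PREROUTING DNAT rules whose target lies in 127/8, the case David describes the kernel dropping as martians. The function name `find_loopback_dnat` and the sample ruleset (built from the thread's addresses, with port 3307 made up for the second rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. find_loopback_dnat is a hypothetical
# helper: it reads iptables-save format on stdin and prints one line per
# nat/PREROUTING rule that DNATs to an address inside 127.0.0.0/8.
# Assumption: only the built-in PREROUTING chain is inspected; rules in
# user-defined chains jumped to from PREROUTING are not followed.
find_loopback_dnat() {
    awk '
        /^\*/ { table = substr($1, 2) }   # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            target = ""; dest = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
            }
            sub(/:.*/, "", dest)          # strip ":port" or ":port-port"
            sub(/-.*/, "", dest)          # keep first address of a range
            if (target == "DNAT" && dest ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/)
                print $2 " -> " dest
        }'
}

# Constructed sample: the thread's DNAT-to-127.0.0.1 rule next to a rule
# that targets the loopback alias address mentioned in the thread.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.168.0.2 -d 10.1.105.45 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 127.0.0.1
-A PREROUTING -s 192.168.0.2 -d 10.1.105.45 -p tcp -m tcp --dport 3307 -j DNAT --to-destination 200.136.136.136:3306
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT'

# Only the first rule is reported; the alias-address rule is not in 127/8.
printf '%s\n' "$SAMPLE_RULES" | find_loopback_dnat
```

On a live host the same function can be fed with `iptables-save | find_loopback_dnat`. A rule it reports is either dead, because the rewritten packet is dropped as a martian, or, on kernels where the `net.ipv4.conf.*.route_localnet` sysctl is enabled, it exposes a service that was bound to loopback to stay unreachable from the network.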




