> > Okay --- > > If I'm following this thread correctly then, > > > > we need two rules to manage this ... both Destination and Source Natting > > these packets ... > > My question is ..... > > As I understand things DNAT is done in PREROUTING and SNAT is done in > > POSTROUTING .. > > > > I can setup > > > > iptables -I PREROUTING -t nat -p TCP -s 192.168.0.2 -d 10.1.105.45 --dport \ > > 3306 -j DNAT --to 127.0.0.1 > > and (since nat postrouting FOLLOWS nat prerouting) > > iptables -I POSTROUTING -t nat -p TCP -s 192.168.0.2 -d 127.0.0.1 --dport \ > > 3306 -j SNAT --to 127.0.0.1 > > > > But I don't belive that this will solve the above problem of the /drop > > martians/ behaviour. > > > > Any comments folks? > > > > Alistair Tonner > > I'll try this when i get home, on my frankenstein box. I'll post > back later today. > > Thank you all who replied. Hmm.. well, it looks like David Cannings was right after all. The kernel will not allow me to do this.. strange. I would have thought it should be possible somehow... Thank you all very much. It was a very informative thread. -- Damian Gatabria <damian_g@xxxxxxxxxxxxx>
