On Fri, 2004-09-17 at 09:52, KUCKAERTZ Régis - NVISION wrote:
> > is it possible that $REAL_IP is a local IP address on the
> > machine running netfilter? the reason i ask is that the
> > packet counters on the FORWARD chain are zero (whereas INPUT
> > and OUTPUT are over 40000).
>
> Unfortunately, it is not. Really weird, since packets are correctly DNAT'ed
> _before_ going through the filter rules, then the kernel should detect that
> they are not intended for it, neh?
>
> I tried tcpdump'ing the $REAL_IP and $REAL_PORT, but then nothing matched
> the filter.
>
> I must have forgotten one thing, since _it worked_ in the past!! :'(
>
> Thanks for your help!
>

stupid question: is IP forwarding enabled (sysctl net.ipv4.ip_forward)?

'nother stupid question: is routing correctly configured from the netfilter
machine to $REAL_MACHINE; i.e., can you ping $REAL_IP from the netfilter
machine?

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>