Re: How multiple PCs on private LAN possible if incoming is DNAT'd to *same* server *always*?

On Thu, 2005-02-03 at 17:59, seberino@xxxxxxxxxxxxxxx wrote:
> >   iptables -t nat -A PREROUTING -i $EXT_IF \
> >     -j DNAT --to-destination $SINGLE_SERVER_IP
> 
> > sorta.  keep in mind that rules in "-t nat" are only applied to packets
> > with state NEW--this is probably the piece you're missing.
> 
> Jason
> 
> I appreciate the care you've put into making strong iptables scripts
> and helping people on this list.  I understand your explanation
> but I don't see how a newbie would have known that the iptables
> rule above is to be ONLY applied to NEW state packets.

sorry if it sounded like i was reprimanding you for not knowing--i
really just meant to let you know.  i don't expect that a newbie would
know that--that's why i responded to your post.

> Doesn't EVERY incoming packet go through PREROUTING?? And hence,
> the rule above will be applied to ALL incoming packets right?!?

your statement is true for -t mangle PREROUTING; -t nat is not traversed
by every packet, no.

> I don't see any place above where it says '**this only applies
> to NEW state packets**'.  You must be right but I'm just wondering
> how I would have figured that out on my own. :)

i probably read it somewhere at some point...maybe in that building
linux firewalls book by that guy...

-j

--
"The only monster here is the gambling monster that has enslaved your
 mother! I call him Gamblor, and it's time to snatch your mother from
 his neon claws!"
	--The Simpsons
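Jason's point above, worked through as an added example (not code from this thread or from netfilter): a small Python model of connection tracking sitting in front of the nat table. Interface names, addresses and the single DNAT rule are assumed. It shows why the reply to a LAN PC's own outbound connection arrives on $EXT_IF as ESTABLISHED and never reaches the DNAT rule, while only the first packet of a fresh inbound connection traverses -t nat and gets its mapping stored in conntrack.

```python
# Constructed model of netfilter conntrack vs. the nat table (not code from this thread).
# Assumptions: the interface names, addresses and the single DNAT rule below are made up.
from collections import namedtuple

Packet = namedtuple("Packet", "iface src sport dst dport")
EXT_IF, LAN_IF = "eth0", "eth1"
PUBLIC_IP = "203.0.113.10"         # firewall's external address
SINGLE_SERVER_IP = "192.168.1.10"  # DNAT target, as in the thread's rule


class Firewall:
    """Models: iptables -t nat -A PREROUTING -i $EXT_IF -j DNAT --to-destination $SINGLE_SERVER_IP"""

    def __init__(self):
        self.conntrack = []        # one dict per tracked connection
        self.nat_evaluations = 0   # how often the nat table was actually traversed

    def nat_prerouting(self, pkt):
        """Reached only for state NEW; returns the DNAT'd destination or None."""
        self.nat_evaluations += 1
        return SINGLE_SERVER_IP if pkt.iface == EXT_IF else None

    def process(self, pkt):
        """Return (ctstate, translated (src, sport, dst, dport)) for one packet."""
        t = tuple(pkt[1:])
        for e in self.conntrack:
            if t == e["orig"]:     # later packet in the original direction: reuse stored NAT
                return "ESTABLISHED", e["orig_xlated"]
            if t == e["reply"]:    # reply direction: undo the stored NAT
                return "ESTABLISHED", e["reply_xlated"]
        # No conntrack entry means state NEW: the only time -t nat rules are consulted.
        src, sport, dst, dport = t
        dst2 = self.nat_prerouting(pkt) or dst            # DNAT in PREROUTING
        src2 = PUBLIC_IP if pkt.iface == LAN_IF else src  # MASQUERADE in POSTROUTING (assumed)
        xlated = (src2, sport, dst2, dport)
        self.conntrack.append({"orig": t, "orig_xlated": xlated,
                               "reply": (dst2, dport, src2, sport),
                               "reply_xlated": (dst, dport, src, sport)})
        return "NEW", xlated


def demo():
    """Four packets: LAN PC browses out, server replies, new inbound SSH, its 2nd packet."""
    fw = Firewall()
    lan_out = Packet(LAN_IF, "192.168.1.50", 40000, "198.51.100.5", 80)
    reply = Packet(EXT_IF, "198.51.100.5", 80, PUBLIC_IP, 40000)
    inbound = Packet(EXT_IF, "198.51.100.7", 5555, PUBLIC_IP, 22)
    results = [fw.process(p) for p in (lan_out, reply, inbound, inbound)]
    return results, fw.nat_evaluations
```

Only two of the four packets ever traverse the nat table; the reply to the LAN PC is de-NATed from the conntrack entry and is never redirected to $SINGLE_SERVER_IP.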


