I still don't agree with your statement. For people who have single IPs that need simple DNAT/SNAT'ing for the scenario provided (which was a single port mapped), your process would be overkill and just as cumbersome as adding an additional rule to iptables.

Gary

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Steven M Campbell
> Sent: Wednesday, July 13, 2005 7:50 AM
> Cc: Netfilter ML
> Subject: Re: dnatting
>
> FWIW from me I would not accept the answer 'it works so it must be
> okay', that's been the downfall of soooo very many computer projects I
> cannot even begin to count them (a particularly bad attitude for
> programmers). We'll certainly not argue (and we aren't), it's your
> network and your rules. My advice is use split DNS from the experience
> that I used to do the sort of thing that you are doing here and I found
> out that it was a bad idea and only created trouble later and I don't
> like trouble, especially if it can be pinned on me!