>> I thought I followed the recipe for DNAT on a transparent firewall >> correctly with the statement below, and sniffing shows that the traffic >> is redirected. But although the client receives the return responses >> from the server at the dnat destination - the client basically ignores >> it. (possibly as unexpected noise). What am I missing? >> >> iptables -t nat -D PREROUTING -p tcp --dport 80 -m physdev >> --physdev-in eth1 -m mark --mark 9 -j DNAT --to-destination >> 192.168.12.12:80 > >Are you sure ? -D means delete. Given that this is a typo, maybe you are >missing a SNAT rule ? Also maybe, that a tcpdump helps. You cannot use Layer3-DNAT on a bridge (which is Layer2). Jan Engelhardt --
