> I use kernel 2.4.x.
> I need to do port forwarding to a remote host AND to
> pass these packets to a local application.
>
> I used the DNAT feature in iptables and it does the
> port forwarding. But the issue is that these forwarded
> packets are unreachable to local application.

Of course, you just changed the IP address to something else than your own box. With DNAT, you explicitly 'give' up the connection for the local host.

>
> Any tips about proper iptables' rules to accomplish both?

Apart from writing your own target extensions, I know of none. Might use ipt_ROUTE as a base, it contains a --tee option.

Jan Engelhardt