Robby Workman wrote: > Wakko Warner wrote: > >Is it possible to use the recent match and dnat to dynamically forward > >incoming packets destined for a specific port (ident in this case) to the > >machine that initiated the connection? Or is anything like this possible > >at > >all? > > There may very well be a way to do it, but if there is, I can't > seem to find it, and I know of at least one other person who's > messed with it. Best I can tell, midentd on the gateway is going > to be your best option. > You might find this useful as well - I wrote it up quite some > time ago, but coupled with midentd, I think you'll have a > workable solution. > http://howtos.rlworkman.net/irc-identd I was looking for a pure netfilter way of doing it. But it's no big deal really, I have ident forwarded to one machine which is most likely to be the source of the outgoing packets anyway. -- Lab tests show that use of micro$oft causes cancer in lab animals Got Gas???
