RE: Using SAME target problems


 



Dear all:
   I find two problems when using the "SAME" target. I am using kernel 2.6.17.7
and iptables 1.3.5.
1.  Multiple calls of the check function:
     When we turn on the debug messages (by recompiling), I find that the
check function of the SAME target is called multiple times,
i.e.
     iptables -t nat -A PREROUTING -d 10.10.10.1 -j SAME --to 172.31.0.1-172.31.0.3
     iptables -t nat -A PREROUTING -d 10.10.10.2 -j DNAT --to-destination 192.168.1.1
     ... Other NAT rules

     netfilter traverses the second DNAT rule, but calls the check function
of the first rule with the "SAME" target, and so it does for every following NAT rule.
    My question is: I didn't see the same situation in kernel 2.4; is that
due to some framework change in kernel 2.6?

2. Can't remove the "SAME" target:
When we issue the removal "iptables -t nat -D PREROUTING -d 10.10.10.1 -j
SAME --to 172.31.0.1-172.31.0.3",
iptables gets the reply "iptables: No chain/target/match by that name".
It seems the memory comparison is not equal between the target info data
structure passed at user level and at kernel level.
Any solution?

Thanks for your help!!



