Hello,
Martin Korous wrote:
I want to forward local ports to a remote server, for example:
for `telnet localhost 80` the webserver on the remote IP must answer.
I have this rule:
`iptables -t nat -A OUTPUT -p TCP -d 127.0.0.1 --dport 80 -j DNAT --to 192.168.0.254:80`
but it doesn't work.
Of course I have support for routing, iptables and NAT in the kernel.
I'm sure that the rule is right, and it works in kernel 2.4.
Is the problem in 2.6, or where?
Kernel 2.6.18
The problem, which has already been discussed on this list, is in
kernels 2.6.11 and above. In Changelog-2.6.11 you can read:
[PATCH] Remove do_extra_mangle: double NAT on LOCAL_OUT
On NF_IP_LOCAL_OUT, when destination NAT changes the destination
interface, we also change the source address, so the packet is the
same as if it were generated to go that way in the first place. This
is not strictly necessary, I believe.
This patch rips that code out to see what breaks.
Sorry, you've just seen what breaks. The kernel routing code prohibits
sending packets with source address in 127.0.0.0/8 outside the host
(i.e. on another interface than lo) so the packets are dropped after
leaving the OUTPUT chains.
For this to work you must use a local address outside 127.0.0.0/8.
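As an added illustration (not part of either message), a small checker that applies the rule stated above to an iptables command line: a nat/OUTPUT DNAT rule whose matched destination is in 127.0.0.0/8 but whose target is not will have its packets dropped on kernels from 2.6.11 on, and the fix is to match a non-loopback local address instead. The address 192.168.0.1 used in the test is an assumed address of the host's own non-loopback interface; the client then has to connect to that address rather than to localhost.

```python
import ipaddress
import shlex

# Kernel in which the LOCAL_OUT source-address rewrite was removed (Changelog-2.6.11).
LOCAL_OUT_SNAT_REMOVED = (2, 6, 11)

# Options whose following token we need; only these are recorded.
_OPTS = ("-t", "-A", "-d", "-j", "--to", "--to-destination")


def kernel_tuple(version):
    """'2.6.18-4-686' -> (2, 6, 18), so versions compare numerically."""
    return tuple(int(p) for p in version.split("-")[0].split(".")[:3])


def parse_rule(rule):
    """Split an iptables command and return (argv, {option: value})."""
    argv = shlex.split(rule)
    opts = {}
    for i, tok in enumerate(argv[:-1]):
        if tok in _OPTS:
            opts[tok] = argv[i + 1]
    return argv, opts


def check_local_dnat(rule, kernel, local_addr=None):
    """Return (ok, reason, rule_to_use) for a locally generated DNAT rule.

    local_addr is an assumed non-loopback address of the host itself; when
    given, the returned rule matches it in place of the 127.0.0.0/8 address.
    """
    argv, o = parse_rule(rule)
    if o.get("-t") != "nat" or o.get("-A") != "OUTPUT" or o.get("-j") != "DNAT":
        return True, "not a nat/OUTPUT DNAT rule", rule
    dst = ipaddress.ip_address(o.get("-d", "0.0.0.0").split("/")[0])
    target = o.get("--to", o.get("--to-destination", "0.0.0.0"))
    to_ip = ipaddress.ip_address(target.rsplit(":", 1)[0])
    if not dst.is_loopback or to_ip.is_loopback:
        return True, "packet does not leave lo with a loopback source", rule
    if kernel_tuple(kernel) < LOCAL_OUT_SNAT_REMOVED:
        return True, "pre-2.6.11 kernel rewrote the source address after DNAT", rule
    reason = "source stays in 127.0.0.0/8 but the route leaves lo; dropped after OUTPUT"
    if local_addr is None:
        return False, reason, None
    fixed = list(argv)
    fixed[fixed.index("-d") + 1] = local_addr  # match the host's real address instead
    return False, reason, " ".join(fixed)
```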