On Sat, Apr 5, 2008 at 11:09 AM, Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote:
>
> On Saturday 2008-04-05 02:06, Jan Engelhardt wrote:
> >
> > On Saturday 2008-04-05 01:35, Joel Pearson wrote:
> > >
> > > I can get iptables forwarding to work fine if the source address is
> > > from the internet, well a different interface anyway. Using a DNAT
> > > works fine in these circumstances. But a DNAT doesn't work to forward
> > > within the same subnet/interface it seems.
> > >
> > > Can someone point me in the right direction?
> > >
> >
> > http://jengelh.hopto.org/images/dnat-mistake.png
> >
>
> Adding an extra SNAT rule of course alleviates this problem,
> at the cost of seeing 1.3.3.8 instead of 1.3.3.7 in the logs
> of 1.3.3.9.
>
> (-t nat -A POSTROUTING -d 1.3.3.9 -m conntrack --ctstate DNAT
> -j SNAT --to 1.3.3.8)
>

Thanks Jan, that SNAT rule worked great!
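
The address flow discussed in this thread, traced in a small model (an added example, not code from the thread or from netfilter). It assumes 1.3.3.7 is the client, 1.3.3.8 the NAT box and 1.3.3.9 the DNAT target, a /24 prefix, and that the NAT box is the target's default gateway; the off-subnet client address is constructed.

```python
# Constructed model of the same-subnet DNAT case from the thread.
# Assumed roles: 1.3.3.7 = client, 1.3.3.8 = NAT box, 1.3.3.9 = DNAT target.
from ipaddress import ip_address, ip_network

CLIENT, NATBOX, SERVER = "1.3.3.7", "1.3.3.8", "1.3.3.9"
SUBNET = ip_network("1.3.3.0/24")  # assumed prefix length, not given in the thread


def on_link(host):
    """True when the host shares the server's subnet and is reached directly."""
    return ip_address(host) in SUBNET


def connect(client, snat_enabled):
    """Trace one connection from `client` to the NAT box's address."""
    expected_peer = NATBOX          # the client connected to the NAT box
    src, dst = client, NATBOX

    # PREROUTING on the NAT box: DNAT rewrites the destination.
    dst = SERVER
    # POSTROUTING: the extra rule from the thread also rewrites the source.
    if snat_enabled:
        src = NATBOX
    seen_by_server = src            # this is what ends up in the server's logs

    # The server answers the source address it saw.
    reply_src, reply_dst = SERVER, seen_by_server
    # Without SNAT, an on-link client is answered directly and the reply
    # never passes the NAT box, so nothing restores the original address.
    direct = reply_dst != NATBOX and on_link(reply_dst)
    if not direct:
        # Reply traverses the NAT box (as SNAT target, or as the assumed
        # default gateway); conntrack reverses the rewrites.
        reply_src, reply_dst = NATBOX, client

    # The client only accepts a reply from the address it connected to.
    accepted = reply_dst == client and reply_src == expected_peer
    return {"server_log": seen_by_server, "reply_src": reply_src,
            "accepted": accepted}


if __name__ == "__main__":
    print("same subnet, DNAT only :", connect(CLIENT, False))
    print("same subnet, DNAT+SNAT :", connect(CLIENT, True))
    print("other network, DNAT only:", connect("198.51.100.20", False))
```

The second case shows the trade-off named in the thread: the connection works, but the target logs 1.3.3.8 rather than the real client address.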