On Thursday 2008-05-29 03:04, Grant Taylor wrote: >> What can I do ? > > You are close with your DNATing rules except for the fact that when "Bob" > replies to "Tom" (who is on your network) "Bob's" reply will not pass through > the system that did the redirecting. This means that "Tom" will see a packet > from "Bob" that he has no idea where it came from and as such hang up on "Bob". In other words... *drumroll* http://jengelh.medozas.de/images/dnat-mistake.png :-) > To make this work, you need to SNAT the traffic [...] Therefore making bug hunting harder because the wrong IP address shows up in the logs on the final host. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
