Hello there,

I'm looking after a pretty busy router. Right now everything in the PREROUTING chain is joined to NOTRACK:

    /sbin/iptables -t raw -A PREROUTING -j NOTRACK

I need to intercept and redirect tcp http sessions. But right now I'm stuck while trying to add exceptions to NOTRACK. I've tried adding one test on a local IP (real one) and using the RETURN target:

    /sbin/iptables -t raw -I PREROUTING -p tcp -s host.ip --dport 80 -j RETURN
    /sbin/iptables -t raw -I PREROUTING -p tcp -d host.ip --sport 80 -j RETURN

Does not work. (Tried -j ACCEPT too.) Tried creating another chain, jumping from PREROUTING to that chain, and RETURN or ACCEPT in there. Same thing.

iptables -vxnL shows an increase only in the first rule.

When I add any of these rules, tcpdump shows that the packet arrives at the inner interface, but does not travel to the outgoing one.

I'm using Debian Lenny with stock packets (kernel including).

What am I missing or doing wrong? From what I gather, packets are discarded at the raw table.