On Tue, 2009-07-14 at 11:25 +0200, Mart Frauenlob wrote:
> Remember for the POSTROUTING rule, the previously redirected packets
> come from the host:port, NOT go to the host again.
> You need `-s xxx.xxx.xxx.xxx --sport xx' -j SNAT ....

DNAT rewrites the destination IP and Port, so in the POSTROUTING table
the TCP SYN packets should look like:

<Orig-Src-IP, Orig-Src-Port, DNAT-Dst-IP, DNAT-Dst-Port>

right?