On Wednesday 2010-10-27 21:47, Mauricio Tavares wrote:
>>>
>>> I have the following rules to forward port 6969 coming on eth0 on server1 to
>>> port 6969 on server2's eth0:
>>>
>>> iptables -A PREROUTING -t nat -p tcp --dport 6969 -j DNAT --to
>>> 192.168.1.server2:6969
>>> iptables -A INPUT -d 192.168.4.server1 -p tcp -m tcp -m state --state NEW
>>> --dport 6969 -j ACCEPT
>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> That prerouting only applies to packets coming from devices connected to
>> the machine.
>
>       How would the prerouting that applies to packets coming from the
> machine itself look like?

Mean to say it without "that". The entire PREROUTING chain won't be
considered for nat. Usually, you just directly connect to the proper
address preferably with a DNS name if available.
Alternate and rather redundant communication ways are rinetd.
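
Added example, not part of the original thread: connections opened by processes on the machine itself traverse the nat OUTPUT chain rather than PREROUTING, so a DNAT rule for them belongs there. The function names and the 192.0.2.x addresses are constructed placeholders, and matching on server1's own address with `-d` is an assumption made here so the OUTPUT rule does not rewrite unrelated outbound traffic to the same port.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that DNATs one TCP port
# for forwarded connections (PREROUTING) and local ones (OUTPUT).

# Loose shape check (four dot-separated digit groups), not full validation.
looks_like_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_dnat_rules LISTEN_IP DEST_IP PORT
#   LISTEN_IP: address on this host that clients connect to (server1)
#   DEST_IP:   host that actually serves the port (server2)
build_dnat_rules() {
    listen_ip=$1
    dest_ip=$2
    port=$3

    # Refuse input that could smuggle extra text into the ruleset.
    looks_like_ipv4 "$listen_ip" || { echo "bad address: $listen_ip" >&2; return 1; }
    looks_like_ipv4 "$dest_ip" || { echo "bad address: $dest_ip" >&2; return 1; }
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi

    cat <<EOF
*nat
# Connections arriving from other hosts enter through PREROUTING.
-A PREROUTING -d $listen_ip -p tcp --dport $port -j DNAT --to-destination $dest_ip:$port
# Connections opened on this machine skip PREROUTING and hit nat OUTPUT.
-A OUTPUT -d $listen_ip -p tcp --dport $port -j DNAT --to-destination $dest_ip:$port
COMMIT
EOF
}

# Review the output, then load it as root without flushing existing rules:
#   build_dnat_rules 192.0.2.10 192.0.2.20 6969 | iptables-restore --noflush
```
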