Andrew Beverley wrote:
>> Nonsense. You should read the manpage more carefully.
>>
>> QUOTE
>> REDIRECT
>> This target is only valid in the nat table, in the PREROUTING and OUTPUT
>> chains, and user-defined chains which are only called from those
>> chains. It redirects the packet to the machine itself by changing the
>> destination IP to the primary address of the incoming interface
>> (locally-generated packets are mapped to the 127.0.0.1 address).
>> END OF QUOTE
>
> Okay, I stand corrected, although I personally would still use the DNAT
> target for that use-case :)

Both can be used. DNAT gives more control, as it allows specifying the destination address.

> Incidentally, the manpage stipulates "--to-ports" but the earlier
> example in the same manpage is "--to-port". Both seem to be accepted.
> Any difference?

No, it appears that partial options can be used (as long as they are unambiguous, I guess). --to also works.
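
The option abbreviation discussed in the last reply, as an added example that is not part of the original message: iptables parses long options with `getopt_long()`, which accepts any unambiguous prefix of a long option name. The option table and the `resolve_long_option()` helper below are constructed for illustration (modelled on REDIRECT's `--to-ports`, with `--table` added to force an ambiguity); they are not iptables' own code.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Constructed option table modelled on the REDIRECT options quoted above,
 * plus --table so that a too-short prefix becomes ambiguous. */
static const struct option demo_opts[] = {
    { "to-ports", required_argument, NULL, 'p' },
    { "random",   no_argument,       NULL, 'r' },
    { "table",    required_argument, NULL, 't' },
    { NULL, 0, NULL, 0 }
};

/* Parse one "--opt value" pair and return the full name of the option that
 * getopt_long() resolved it to, or NULL if it was rejected as unknown or
 * ambiguous. Hypothetical helper, not an iptables function. */
const char *resolve_long_option(const char *opt, const char *value)
{
    char *argv[] = { "demo", (char *)opt, (char *)value, NULL };
    int idx = -1;

    optind = 0;   /* restart scanning for each call */
    opterr = 0;   /* keep getopt_long() from printing its own diagnostics */
    int c = getopt_long(3, argv, "", demo_opts, &idx);
    if (c == -1 || c == '?' || idx < 0)
        return NULL;
    return demo_opts[idx].name;
}

int main(void)
{
    /* --to-port and --to are unique prefixes of --to-ports;
     * --t matches both --to-ports and --table; --ports matches nothing. */
    const char *tries[] = { "--to-ports", "--to-port", "--to", "--t", "--ports" };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        const char *name = resolve_long_option(tries[i], "8080");
        printf("%-11s -> %s\n", tries[i], name ? name : "(rejected)");
    }
    return 0;
}
```

Because an abbreviation that is unique today can become ambiguous when an extension adds a new option, firewall scripts are more robust when they spell out the full option name.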