Good day folks! Is it possible to DNAT locally-originated, locally-destined packets to a non-local destination? The use-case is port forwarding to a locally-routed VM guest. For externally originating access the following is adequate: iptables -t nat -A PREROUTING -d external.iface.ip -p tcp --dport 80 -j DNAT --to-destination target.ip.add.ress A logical complement for locally originating accesses would have been: iptables -t nat -A OUTPUT -d 127.0.0.0/16 -p tcp --dport 80 -j DNAT --to-destination target.ip.add.ress ..but all I can observe is silent packet disappearance, which I presume takes place during routing decision-making immediately following the processing by the OUTPUT chain of the nat table. So, is it possible at all, or should I go the userspace port forwarding way? regards, Samium Gromoff -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
