Vijay Viswanathan a écrit : > adding -m state --state NEW,ESTABLISHED seems to do the trick. > > iptables -t nat -A PREROUTING -i eth1 -p tcp -d 10.4.38.182 --dport > 2300 -m state --state NEW,ESTABLISHED -j DNAT --to 192.168.10.2:2300 Not in any way. The chains of the nat table see only packets in the NEW state so this match is completely superflous. Besides, normal TCP packets have the NEW or ESTABLISHED state. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
