you are right. No idea what made it work :) one thing different from your original instruction was my sysctl net.ipv4.ip_forward=1 didnt work couple of times it said 'unknown key' 3rd try it did not complain but after some tests I saw the forwarding was not set and I had to set it by writing 1 into /proc... ip_foward I will post it once I find out, but so far good. Thx. On Fri, Jun 27, 2014 at 2:38 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote: > Vijay Viswanathan a écrit : >> adding -m state --state NEW,ESTABLISHED seems to do the trick. >> >> iptables -t nat -A PREROUTING -i eth1 -p tcp -d 10.4.38.182 --dport >> 2300 -m state --state NEW,ESTABLISHED -j DNAT --to 192.168.10.2:2300 > > Not in any way. The chains of the nat table see only packets in the NEW > state so this match is completely superflous. Besides, normal TCP > packets have the NEW or ESTABLISHED state. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
