I have a server in a DC1 with a private IP, of say 10.10.10.10. This IP is NAT'd to a public IP, say 216.58.219.10 in this way:

    216.58.219.10:8090 -> 10.10.10.10:8089

I have a server in DC2 which knows about (and wants to connect to) 10.10.10.10:8089 but doesn't know about 216.58.219.10:8090 (long story).

So I want to rewrite dest IP/port from 10.10.10.10:8089 to 216.58.219.10:8090.

This is what I tried:

    # sysctl net.ipv4.ip_forward=1
    # iptables -t nat -A PREROUTING -p tcp --dest 10.10.10.10 --dport 8089 -j DNAT --to 216.58.219.10:8090

...and it gives me this:

    # iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       tcp  --  anywhere             10.10.10.10          tcp dpt:8089 to:216.58.219.10:8090

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

... and it doesn't work. I see neither traffic to 10.x or to 216.x with tcpdump on the host in DC2 where I'm trying to rewrite.

A side question: is there a way for me to see how traffic moves between/through chains?

Any pointers are greatly appreciated.

Thanks,
Alex.
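
Added example, not part of the original message: a dry-run script that prints the DNAT rule for the chain that actually sees the traffic, plus a TRACE rule and a counter listing for the side question about following packets through chains. It assumes the connecting program runs on the same DC2 host that holds the rules; `hook_for`, `rules_for` and `show_counters` are hypothetical helper names, and the addresses are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the original post). It only prints commands.
ORIG=10.10.10.10 ORIG_PORT=8089     # address the DC2 application dials
PUB=216.58.219.10 PUB_PORT=8090     # address that is actually reachable
MATCH="-p tcp -d $ORIG --dport $ORIG_PORT"

# nat PREROUTING is only traversed by packets arriving on an interface.
# Packets created by a local process enter netfilter at OUTPUT instead,
# so a PREROUTING rule never matches connections made from the same host.
hook_for() {
    case "$1" in
        local)     echo OUTPUT ;;
        forwarded) echo PREROUTING ;;
        *)         echo "usage: hook_for local|forwarded" >&2; return 1 ;;
    esac
}

# Print the commands for one traffic origin: a TRACE rule in the raw table
# (same hook, evaluated before nat) followed by the DNAT rule itself.
rules_for() {
    hook=$(hook_for "$1") || return 1
    echo "iptables -t raw -A $hook $MATCH -j TRACE"
    echo "iptables -t nat -A $hook $MATCH -j DNAT --to-destination $PUB:$PUB_PORT"
    # Only routing other hosts' packets requires IP forwarding.
    [ "$1" = forwarded ] && echo "sysctl -w net.ipv4.ip_forward=1"
    return 0
}

# Per-rule packet counters: a rule whose count stays at 0 is never reached.
show_counters() { echo "iptables -t nat -L -n -v"; }

# Assumption: the client is a local process on the DC2 host.
rules_for local
show_counters
```

Piping the output to `sh` as root applies the rules. TRACE records go to the kernel log with the legacy iptables backend, or can be read with `xtables-monitor --trace` on the nft backend.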