Re: Rewriting target IP and port on Linux with iptables or firewall-cmd

> On Fri, 4 Mar 2016, Alex Barylo wrote:
> 
>> I have a server in a DC1 with a private IP, of say 10.10.10.10. This
>> IP is NAT'd to a public IP, say 216.58.219.10 in this way:
>>
>> 216.58.219.10:8090 -> 10.10.10.10:8089
>>
>> I have a server in DC2 which knows about (and wants to connect to)
>> 10.10.10.10:8089 but doesn't know about 216.58.219.10:8090 (long
>> story).
>>
>> So I want to rewrite dest IP/port from 10.10.10.10:8089 to 216.58.219.10:8090.
>>
>> This is what I tried:
>>
>> # sysctl net.ipv4.ip_forward=1
>> # iptables -t nat -A PREROUTING -p tcp --dest 10.10.10.10 --dport 8089
>> -j DNAT --to 216.58.219.10:8090

And what happened?
On which machine did you run these commands?
If it is on a machine acting as a gateway between the server in DC2 and
the server in DC1, then you are correct. If it is on the server in DC2,
then the sysctl is useless and the iptables rule should be added to the
OUTPUT chain (for locally-generated traffic) instead of PREROUTING (for
incoming traffic).

Sven-Haegar Koch wrote:
> Try adding the same rule also to the nat OUTPUT chain.

Why "also"? Rather "instead". Both rules on the same machine are useless.
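The chain choice above, as an added example that is not part of the thread: a small POSIX sh helper that emits (or applies) the DNAT rule for the addresses in the question, putting it in nat OUTPUT when run on the DC2 server itself and in nat PREROUTING (plus ip_forward) only when run on a gateway in front of it. The function names and the apply/dry-run interface are this example's own, not anything from the list.

```shell
#!/bin/sh
# Added example: rewrite 10.10.10.10:8089 -> 216.58.219.10:8090, choosing the
# nat chain by where the packets originate (values taken from the question).
ORIG_IP=10.10.10.10; ORIG_PORT=8089
NEW_IP=216.58.219.10; NEW_PORT=8090

# nat_rules ROLE -> prints the commands for ROLE, one per line.
#   endpoint : the DC2 server opens the connection itself, so the packet is
#              locally generated and only traverses nat OUTPUT; ip_forward
#              plays no part here (conntrack un-DNATs the replies on its own).
#   gateway  : the box forwards traffic for the DC2 server, so the packet
#              arrives from outside, traverses nat PREROUTING, and the kernel
#              must be allowed to forward it.
nat_rules() {
    case "$1" in
        endpoint) chain=OUTPUT ;;
        gateway)  chain=PREROUTING; echo "sysctl -w net.ipv4.ip_forward=1" ;;
        *) echo "usage: nat_rules endpoint|gateway" >&2; return 1 ;;
    esac
    echo "iptables -t nat -A $chain -p tcp -d $ORIG_IP --dport $ORIG_PORT" \
         "-j DNAT --to-destination $NEW_IP:$NEW_PORT"
}

# apply_rules ROLE -> run the commands (needs root), echoing each one first.
apply_rules() {
    nat_rules "$1" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || exit 1
    done
}

# After applying, confirm the rule is actually hit when the DC2 server
# connects to 10.10.10.10:8089 (pkts/bytes counters of the DNAT rule):
#   iptables -t nat -L OUTPUT -n -v        (endpoint)
#   iptables -t nat -L PREROUTING -n -v    (gateway)

case "${1:-}" in
    apply) apply_rules "${2:-endpoint}" ;;
    "")    : ;;               # no arguments: just define the functions
    *)     nat_rules "$1" ;;  # dry run: print what would be applied
esac
```

Run as `sh nat-redirect.sh endpoint` to see the rule, or `sh nat-redirect.sh apply endpoint` as root to install it.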