I think the following can work.

> 1. -s anywhere --dport 5000 -j DNAT --to-destination :22

-s subnet --dport 5000 -j DNAT --to-destination :22

This will do NATing only for the subnet.

Thanks.

> FILTER INPUT chain:
>
> 2. -s subnet --dport 22 -j ACCEPT
>
> 3. all others -j REJECT
>
> The problem is the packet arrives on 5000 and is natted to 22 correctly
> (1. - all good so far),
> but because its source IP is not the local subnet (defined in 2.), it is
> rejected in the filter INPUT chain (3).
>
> So I'm thinking something like the following:
>
> a. can the packet bypass the INPUT filter chain?
> b. how can I identify my natted packet within the INPUT filter chain and
> thus ACCEPT it?
>
> Regards,
> Geofrey Rainey.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
Nilesh Vaghela
ElectroMech
Redhat Channel Partner and Training Partner
74, Nalanda Complex, Satellite Rd, Ahmedabad
25, The Emperor, Fatehgunj, Baroda.
www.electromech.info
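The rule set both mails are discussing, written out as an added example (not from either poster): in "subnet" mode the DNAT is restricted to the trusted subnet as the reply suggests, so only those packets reach INPUT on port 22; in "conntrack" mode everything on 5000 is natted and INPUT recognises the natted flow via its conntrack state, which answers question (b) of the quoted mail. The subnet 192.0.2.0/24, the ports and the function names are assumptions; the poster's rules omitted -p tcp, which --dport requires.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: the trusted subnet is
# 192.0.2.0/24 (constructed), sshd listens on 22, clients connect to 5000.
SUBNET="${SUBNET:-192.0.2.0/24}"
PUB_PORT=5000
SSH_PORT=22

# build_rules prints the iptables commands in the order they must be loaded.
# Argument: "subnet" (the reply's fix: only NAT traffic from the subnet) or
# "conntrack" (NAT everything, then let INPUT recognise the natted packet).
build_rules() {
    mode="${1:-subnet}"
    if [ "$mode" = subnet ]; then
        # Only sources inside the subnet are rewritten 5000 -> 22; a packet from
        # elsewhere keeps dport 5000 and falls through to the REJECT below.
        echo "iptables -t nat -A PREROUTING -s $SUBNET -p tcp --dport $PUB_PORT -j DNAT --to-destination :$SSH_PORT"
        # Filter INPUT sees the packet after DNAT, so it matches on port 22.
        echo "iptables -A INPUT -s $SUBNET -p tcp --dport $SSH_PORT -j ACCEPT"
    else
        echo "iptables -t nat -A PREROUTING -p tcp --dport $PUB_PORT -j DNAT --to-destination :$SSH_PORT"
        # conntrack remembers that this flow was DNATed; match on that state
        # instead of on the source address (question b in the quoted mail).
        echo "iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate DNAT -j ACCEPT"
    fi
    echo "iptables -A INPUT -j REJECT"
}

# apply_rules loads the rules for real (needs root and netfilter);
# build_rules on its own is a dry run that only prints them.
apply_rules() { build_rules "$1" | sh -e; }

# subnet_scoped_dnat counts DNAT rules that carry the subnet as source match,
# i.e. whether the NAT step is restricted the way the reply proposes.
subnet_scoped_dnat() { build_rules "$1" | grep -c -- "-s $SUBNET .* -j DNAT" || true; }

case "$1" in
    apply) apply_rules "$2" ;;
    *) build_rules "$1" ;;
esac
```

Run it with no arguments to see the rules, or as `sh rules.sh apply subnet` to load them.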