On Tue, 12 Apr 2005, Jon Newman wrote:
Using DNAT, via this command, still nets the same result:

    iptables -t nat -A PREROUTING -p tcp -s x.x.x.x/32 --dport 80 -j DNAT --to 216.90.3.137:8080
As I said it is equivalent. REDIRECT only saves you from entering the IP (automatic).
Any other ideas? I can't believe this is so difficult, this should be simple and straightforward... there must be something stupid I am missing... PLEASE, anyone willing to point out my idiocy?
Never ever had netfilter NAT fail on me.
But if your intercepting router is running in "lollipop" mode (just one interface, next hop router on same interface as client station) then you may need to disable ICMP redirects.
Regards Henrik
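
An added example, not part of the message above: a check for the ICMP redirect setting on a Linux intercepting router. Linux sends redirects on an interface if either `net.ipv4.conf.all.send_redirects` or the per-interface value is 1, so zeroing only one of them leaves redirects on. The function name, the interface names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Report interfaces on which Linux would still send ICMP redirects.
# The kernel ORs conf/all/send_redirects with conf/<iface>/send_redirects,
# so both have to be 0 before redirects stop on that interface.

# redirects_enabled: reads "sysctl -a"-style lines on stdin and prints, one per
# line and sorted, each interface whose effective send_redirects is on.
# (Hypothetical helper name; on a live box feed it:
#    sysctl -a 2>/dev/null | redirects_enabled )
redirects_enabled() {
    awk '
        /^net\.ipv4\.conf\..*\.send_redirects[ \t]*=/ {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^net\.ipv4\.conf\./, "", key)
            sub(/\.send_redirects$/, "", key)
            if (key == "all")          all = val + 0
            else if (key != "default") ifv[key] = val + 0  # "default" only seeds new interfaces
        }
        END {
            for (i in ifv)
                if (all || ifv[i]) print i
        }' | sort
}

# Constructed sample: "all" was set to 0 but eth0 was left at 1,
# so redirects are still sent on eth0.
SAMPLE='net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.lo.send_redirects = 0'

printf '%s\n' "$SAMPLE" | redirects_enabled

# To turn redirects off on the intercepting interface (eth0 is an assumed name):
#   sysctl -w net.ipv4.conf.all.send_redirects=0
#   sysctl -w net.ipv4.conf.eth0.send_redirects=0
```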