Hi,

It should certainly work, and if it doesn't, that would be a bug.  When a
packet hits DNAT in PREROUTING, it's stolen away and reinjected into the
networking stack later on.  This reinjection might fail for a number of
reasons:

- There is no route to the new IP address.
- There is a route to the new IP address but neighbour discovery, a.k.a.
   ARP, fails, either because the interface on the bridge has no IP
   address (so that ARP probes can't be sent) or because the destination
   host isn't there.

If you don't want to give the bridge interface an IP address, configure
a static ARP entry (/sbin/ip neigh add 1.2.3.4 lladdr 00:11:22:33:44:55).

If it still doesn't work, please drop me a line.


cheers,
Lennert


On Tue, Feb 05, 2002 at 04:21:31PM -0800, Eric Low wrote:

> I'm just curious, will DNAT'ing work with the bridging netfilter patch and
> ebtables installed?  Everything still appears to go PREROUTING -> FORWARD ->
> POSTROUTING, but when I try DNAT'ing, the packets appear to be lost.  Here is
> my ruleset:
> 
> -t nat -A PREROUTING -i eth1 -p tcp -d 198.122.149.0/24 --dport 80 -j DNAT --to 198.122.149.10:80
> -A FORWARD -i eth1 -o eth0 -p tcp -d 198.122.149.10/32 --dport 80 -j LOG --log-level 0
> -A FORWARD -i eth1 -o eth0 -p tcp -d 198.122.149.10/32 --dport 80 -j ACCEPT
> 
> The logging was inserted in there for test purposes, and shows no matching
> packets.  None of the packets arrive at 198.122.149.10:80 (those are fake
> addresses).  I believe this is the same ruleset that worked when I was doing IP
> forwarding (before I installed the bridge/netfilter patch).  I'm assuming that
> it can't be done, or is perhaps a routing issue (ie. it doesn't know where
> 198.122.149.10 is located), but I just want to make sure.
> 
> Thanks,
> Eric
> 
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
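The setup and diagnosis the reply describes, as an added example that is not part of the thread (it is neither Lennert's nor Eric's code, nor anything from the bridge project). It assumes a bridge br0 with ports eth0/eth1, Eric's fake target 198.122.149.10 on 198.122.149.0/24, and a placeholder MAC 00:11:22:33:44:55; the setup commands use modern iproute2 and the br_netfilter module (sysctl net.bridge.bridge-nf-call-iptables) in place of the 2002-era brctl/bridge-nf patch, but the two failure modes from the reply (no route, no resolvable neighbour) are the same. diagnose() reads the output of `ip route get` and `ip neigh show` and maps it onto those two causes, so it can be checked offline on constructed table dumps.

```shell
#!/bin/sh
# Added example, not from the thread.  Assumed names: bridge br0 with ports
# eth0/eth1, Eric's (fake) target 198.122.149.10 and a placeholder MAC.
# Setup uses modern iproute2 and br_netfilter rather than brctl and the
# 2002 bridge-nf patch; the failure modes being diagnosed are the same.
BRIDGE=${BRIDGE:-br0}
PORT_IN=${PORT_IN:-eth1}
PORT_OUT=${PORT_OUT:-eth0}
NET=${NET:-198.122.149.0/24}
TARGET=${TARGET:-198.122.149.10}
TARGET_MAC=${TARGET_MAC:-00:11:22:33:44:55}   # placeholder, assumed

# Build the bridge with no IP address of its own, add the DNAT rule, and give
# the kernel what the reinjected packet needs: a route to the new destination
# and a static neighbour entry, so it never has to ARP from an addressless
# interface.  Must run as root.
setup() {
    modprobe br_netfilter
    sysctl -w net.bridge.bridge-nf-call-iptables=1
    ip link add "$BRIDGE" type bridge
    ip link set "$PORT_IN" master "$BRIDGE"
    ip link set "$PORT_OUT" master "$BRIDGE"
    ip link set "$PORT_IN" up
    ip link set "$PORT_OUT" up
    ip link set "$BRIDGE" up
    # failure mode 1: no route to the DNAT target
    ip route add "$NET" dev "$BRIDGE"
    # failure mode 2: ARP cannot be sent from an interface without an address
    ip neigh add "$TARGET" lladdr "$TARGET_MAC" dev "$BRIDGE" nud permanent
    iptables -t nat -A PREROUTING -p tcp -d "$NET" --dport 80 \
        -j DNAT --to-destination "$TARGET:80"
    iptables -A FORWARD -p tcp -d "$TARGET" --dport 80 -j ACCEPT
}

# State of the neighbour entry for $1, read from `ip neigh show` output on
# stdin (last field of the matching line); "unresolved" if there is none.
neigh_state() {
    awk -v ip="$1" '$1 == ip { print $NF; found = 1 }
                    END { if (!found) print "unresolved" }'
}

# Classify why a DNAT'ed packet to $1 would be lost, from the output of
# `ip route get $1` ($2, empty when the lookup failed) and `ip neigh show`
# ($3).  Exit status: 0 deliverable, 1 no route, 2 neighbour not usable.
diagnose() {
    target=$1 route_out=$2 neigh_out=$3
    case "$route_out" in
        *"dev "*) ;;
        *) echo "no-route"; return 1 ;;
    esac
    state=$(printf '%s\n' "$neigh_out" | neigh_state "$target")
    case "$state" in
        PERMANENT|REACHABLE|STALE|DELAY|PROBE|NOARP) echo "ok:$state"; return 0 ;;
        *) echo "arp-failed:$state"; return 2 ;;
    esac
}

# Run the diagnosis against the live kernel tables.
live_check() {
    diagnose "$TARGET" "$(ip route get "$TARGET" 2>/dev/null)" "$(ip neigh show)"
}

case "${1:-}" in
    setup) setup ;;
    check) live_check ;;
esac
```

Run `sh dnat-bridge.sh setup` as root, then `sh dnat-bridge.sh check`; an `arp-failed:INCOMPLETE` or `arp-failed:FAILED` result is the addressless-bridge case from the reply and is fixed by the static `ip neigh add`, while `no-route` means the route to the target network via the bridge is missing.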