----- Original Message -----
From: "Alex Gromov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 2:31 AM
Subject: [Bridge] Bridge/netfilter DNAT (bug?)

> I am trying to set up a bridge with nat.
> iptables -t nat -A PREROUTING -eth0 -d x.x.x.90 -j DNAT --to-destination
> x.x.x.89
>
> It doesn't work. Note that I have a network range that includes .90 so it's
> valid.

Do you have ip forwarding turned on?

    echo 1 > /proc/sys/net/ipv4/ip_forward

> With tcpdump I can see incoming packets addressed to x.x.x.90 on eth0 and
> coming out on eth1 w/ the destination unchanged! The count for the rule
> above stays at 0. Moreover the total count for PREROUTING chain most of the
> time doesn't increment even when I send traffic to .89. Which makes me think
> that some packets go through PREROUTING chain, but most of them don't.
>
> According to netfilter documentation, every incoming packet should go
> through PREROUTING chain first before it even makes any routing decision. Is
> this a bug? I am really lost here. Any help would be appreciated. Thanks.

Strange. Did you try logging everything that passes the PREROUTING chain?
Just in case you are using ebtables: the ebtables PREROUTING chain is
traversed before the iptables PREROUTING chain.

cheers,
Bart
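An added example, not part of the original thread: one way to check whether packets reach the nat PREROUTING chain at all is to place a catch-all LOG rule ahead of the DNAT rule, as suggested above, and compare two `iptables-save -c -t nat` snapshots taken before and after sending test traffic. The snapshots, the 192.0.2.x addresses, the `-i eth0` match and the function names below are constructed for illustration.

```python
import re

# Constructed `iptables-save -c -t nat` snapshots (documentation addresses);
# not output from the poster's machine.
BEFORE = """\
*nat
:PREROUTING ACCEPT [40:2400]
:POSTROUTING ACCEPT [7:420]
:OUTPUT ACCEPT [7:420]
[0:0] -A PREROUTING -j LOG --log-prefix "nat-pre: "
[0:0] -A PREROUTING -d 192.0.2.90/32 -i eth0 -j DNAT --to-destination 192.0.2.89
COMMIT
"""
# After the test traffic: the LOG rule and the chain policy each saw 3 packets,
# the DNAT rule saw none.
AFTER = (BEFORE
         .replace("[0:0] -A PREROUTING -j LOG", "[3:180] -A PREROUTING -j LOG")
         .replace(":PREROUTING ACCEPT [40:2400]", ":PREROUTING ACCEPT [43:2580]"))

RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")      # [pkts:bytes] -A CHAIN spec
POLICY = re.compile(r"^:(\S+) \S+ \[(\d+):(\d+)\]$")       # :CHAIN POLICY [pkts:bytes]

def parse_counters(dump):
    """Map (chain, rule spec) -> packet count; the chain policy is '<policy>'."""
    counters = {}
    for line in dump.splitlines():
        m = RULE.match(line)
        if m:
            counters[(m.group(3), m.group(4))] = int(m.group(1))
            continue
        m = POLICY.match(line)
        if m:
            counters[(m.group(1), "<policy>")] = int(m.group(2))
    return counters

def packet_deltas(before, after, chain="PREROUTING"):
    """Packets counted per rule of `chain` between the two snapshots."""
    b, a = parse_counters(before), parse_counters(after)
    return {spec: pkts - b.get((ch, spec), 0)
            for (ch, spec), pkts in a.items() if ch == chain}

def silent_rules(before, after, chain="PREROUTING"):
    """Rules of `chain` whose packet counter did not move."""
    deltas = packet_deltas(before, after, chain)
    return sorted(s for s, d in deltas.items() if d == 0 and s != "<policy>")

if __name__ == "__main__":
    print(packet_deltas(BEFORE, AFTER))
    print("no hits:", silent_rules(BEFORE, AFTER))
```

If the LOG counter moves while the DNAT counter stays at zero, packets are reaching the chain and the rule's match is the problem; if neither moves, they are not reaching the chain. The nat table is consulted only for the first packet of each connection, so its counters rise per connection rather than per packet.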
