Hi! "Ferenc Wagner" <[email protected]> írta 2008-12-16 11:47-kor: > Lásd http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html 3b ábra alatt: > > Note that the iptables nat OUTPUT chain is situated after the > routing decision. As commented in the previous section [...], this > is too late for DNAT. This is solved by rerouting the IP packet if > it has been DNAT'ed, before continuing. Ez az ábra is készülhetett azon hibás howto alapján, amit HG beírt.
Kerestem is most olyan szervert, ahol OUTPUT-ban DNAT-olok, és megy: # iptables-save -c |grep OUTPUT |grep DNAT [7771:553506] -A OUTPUT -d 127.0.0.1 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.1:1053 [0:0] -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.1:1053 [1030408:61824480] -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.4.1 [1:60] -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 2401 -j DNAT --to-destination 192.168.0.1 Üdv:Gyur! _________________________________________________ linux lista - [email protected] http://mlf2.linux.rulez.org/mailman/listinfo/linux
