IPtables

Sneppe Filip Filip.Sneppe@cronos.be
Fri, 19 Oct 2001 20:38:04 +0200


From: Nick Lockyer
>Is it possible to use iptables to 'route' a packet.  For example machine A
>sends packet to machine B, but machine B forwards it on to machine C.
>
>I used
>
>  iptables -t nat -A PREROUTING -p tcp --destination 1.2.3.4 -j DNAT --to 5.6.7.8
>
>(ignore silly numbers).
>
>Ethereal and TCPDUMP (on machine B) confirm that packets from A are destined
>for C so the iptables rule is working, but it does not seem to reach the
>destination (C).

Hi Nick,

Be careful with what tcpdump says. There was a thread on
this list a while ago about tcpdump not seeing the correct
source and/or destination IP due to NAT. You'd better
check the details of the thread in the archive and use
a different box to do the sniffing from.

Other than that, the setup should work, but you have to make
sure that your FORWARD chain allows the traffic. To follow
your example, you'll need something like:

iptables -A FORWARD -p tcp -d 5.6.7.8 -j ACCEPT
(don't use 1.2.3.4 here)

Of course, don't forget the obvious, like making sure the connection
tracking and NAT conntracking are loaded.

Hope this helps.
Filip
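
The setup discussed in this thread, collected into one script as an added example (it is not part of the original messages). The helper names `run` and `dnat_forward` and the `APPLY` switch are hypothetical, and the `ip_forward` step and the reply rule are additions assumed for a complete setup. By default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original thread. Addresses are the thread's
# placeholders: 1.2.3.4 is what machine A sends to, 5.6.7.8 is machine C.

run() {
    # Print the command; execute it only when APPLY=1 (needs root on box B).
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

dnat_forward() {
    orig_dst=$1   # destination as sent by machine A
    new_dst=$2    # real destination, machine C

    # Assumption: forwarding is not yet enabled on box B.
    run sysctl -w net.ipv4.ip_forward=1

    # nat/PREROUTING runs before the routing decision and rewrites the
    # destination address of the first packet of each connection.
    run iptables -t nat -A PREROUTING -p tcp -d "$orig_dst" -j DNAT --to-destination "$new_dst"

    # filter/FORWARD runs after DNAT, so it matches on new_dst. A rule
    # written against orig_dst here would never match.
    run iptables -A FORWARD -p tcp -d "$new_dst" -j ACCEPT

    # Assumption: FORWARD does not already accept return traffic. Replies
    # from C belong to a tracked connection and are accepted by state.
    run iptables -A FORWARD -p tcp -s "$new_dst" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

show_counters() {
    # Packet counters show which rule the traffic hits, without depending
    # on what a sniffer on the NAT box itself displays.
    run iptables -t nat -L PREROUTING -n -v
    run iptables -L FORWARD -n -v
}

dnat_forward 1.2.3.4 5.6.7.8
```

After applying with `APPLY=1`, `show_counters` gives a second opinion to the sniffer: a rising counter on the PREROUTING rule with a zero counter on the FORWARD rule points at the filter table rather than at NAT.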