Fri, 19 Oct 2001 20:38:04 +0200
From: Nick Lockyer
>Is it possible to use iptables to 'route' a packet. For example
>sends packet to machine B, but machine B forwards it on to machine C.
> iptables -t nat -A PREROUTING -p tcp --destination 18.104.22.168 -j DNAT
>(ignore silly numbers).
>Ethereal and TCPDUMP (on machine B) confirm that packets from A are
>for C so the iptable rule is working, but it does not seem to reach the
Be careful with what tcpdump says. There was a thread on
this list a while ago about tcpdump not seeing the correct
source and/or destination IP due to NAT. You'd better
check the details of the thread in the archive and use
a different box to do the sniffing from.
Other than that, the setup should work, but you have to make
sure that your FORWARD chain allows the traffic. To follow
your example, you'll need something like:
iptables -A FORWARD -p tcp -d 22.214.171.124 -j ACCEPT
(don't use 126.96.36.199 here)
Of course, don't forget the obvious, like making sure the connection
tracking and nat conntracking are loaded.
Hope this helps.
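
The FORWARD requirement described in the reply above can be checked mechanically. The script below is an added example, not part of the original message: it reads `iptables-save` output and lists DNAT targets that no FORWARD ACCEPT rule names. The function names and the sample ruleset are constructed; the sample uses documentation addresses, with 198.51.100.1 standing in for machine B and 203.0.113.5 for machine C.

```shell
#!/bin/sh
# Added example. Reads iptables-save output on stdin and prints every DNAT
# target address that no FORWARD ACCEPT rule names with -d.
# Simplifications: only single-host -d matches are compared (no subnets or
# address ranges), and a FORWARD policy of ACCEPT is treated as allowing all.
unforwarded_dnat_targets() {
  awk '
    /^\*/ { table = substr($1, 2); next }            # "*nat", "*filter", ...
    table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" { open = 1 }
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
      for (i = 3; i < NF; i++)
        if ($i == "--to-destination") {
          t = $(i + 1); sub(/:.*/, "", t)            # drop an optional :port
          targets[t] = 1
        }
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" {
      dst = ""; accept = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-d" && $(i - 1) != "!") { dst = $(i + 1); sub(/\/32$/, "", dst) }
        if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
      }
      if (accept && dst != "") allowed[dst] = 1
    }
    END { if (!open) for (t in targets) if (!(t in allowed)) print t }
  ' | sort
}

# Constructed sample: the FORWARD rule names the pre-DNAT address (machine B),
# so the translated packets for machine C are not accepted.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 198.51.100.1/32 -p tcp -j DNAT --to-destination 203.0.113.5
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 198.51.100.1/32 -p tcp -j ACCEPT
COMMIT
EOF
}

sample_ruleset | unforwarded_dnat_targets   # prints 203.0.113.5
```

On a live router the same function can be fed from `iptables-save` directly; an empty result means every DNAT target has a matching FORWARD ACCEPT under the stated simplifications.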