DNAT query

Jörg Harmuth harmuth at mnemon.de
Fri Nov 11 13:20:13 CET 2005


Payal Rathod schrieb:
> On Fri, Nov 11, 2005 at 11:57:02AM +0100, J?rg Harmuth wrote:
> 
>>Some time ago I had a similar problem with SLES8 and nat/OUTPUT. The
>>reason was, that is was the _only_ netfilter optio, that wasn't compiled
>>into the kernel :) I generally don't work with SuSE, so I don't know.
>>Bur maybe they still don't compile it as a kernel module.
> 
> 
> So what do you suggest? How do I use it now? Do I have to recomiple te 
> kernel for that? I never done that before.
> With warm regards,
> -Payal

It depends. But as Robs solution works for you, it looks like you only
need to redirect/forward connections (roughly: PREROUTING -> FORWARD ->
POSTROUTING). You only need nat/OUTPUT for packets, generated on the
firewall itself (roughly: local process -> OUTPUT -> POSTROUTING). If
you need to redirect locally generated packets *and* nat/OUTPUT isn't
compiled - well, yes then you have to compile the module from the kernel
sources (which in this case is simple, because you only have to enable
one option).

HTH,

Joerg



More information about the netfilter mailing list