hi, On Fri, Mar 01, 2002 at 09:20:46AM -0600, Ted Fines wrote: > I understand (I think!) when a packet gets DROPped or ACCEPTed, as in > iptables -A FORWARD -p tcp --dport http -j ACCEPT, for example. so i misunderstood your question. > But in a DNAT rule, as in, iptables -t nat -A PREROUTING -s 1.2.3.4 -j DNAT > --to 5.6.7.8, for example, the packet's destination address gets changed, > but then where does it go once it is done in the PREROUTING chain in the > nat table? It hasn't been DROPped or ACCEPTed yet. perhaps this will help you: http://www.knowplace.org/netfilter/packet_traversal.gif bye sascha
-- Sascha Andres [EMAIL PROTECTED] http://www.programmers-world.com
