I got it working... one working example would be:

iptables -t nat -A OUTPUT -p tcp -o lo -d your.external.firewall.ip --dport 80 -j DNAT --to-destination 192.168.200.10:80

    The big trick here is we're tweaking a connection that is being
originated ON the firewall and the connection is TO the firewall. In this
case (machine connecting to itself), Linux uses the loopback interface, no
matter which interface the real IP is on. So, using the '-o eth0' would make
things never work. But, using it with the loopback interface (or maybe
without interface ???) will make things work very fine ! :)

    Anyway, thanks very much for your reply and hope the example above helps
you if you ever need it :)

    Sincerely,
    Leonardo Rodrigues

----- Original Message -----
From: "Micke" <[EMAIL PROTECTED]>
To: "Leonardo Rodrigues" <[EMAIL PROTECTED]>; "netfilter ML"
<[EMAIL PROTECTED]>
Sent: Monday, March 18, 2002 3:30 PM
Subject: Re: questions on CONFIG_IP_NF_NAT_LOCAL


> >     Hello Guys,
> >
> >     I've just installed kernel 2.4.18 and iptables 1.2.6a. One of the
> > patch-o-matic patches I chose was Henrrik local-nat. Kernel was correctly
> > recompiled, modules installed ........ but I'm having some problems trying
> > to figure out how to use this new feature ( redirect on locally generated ),
> > as I couldn't find any documentation on it.
> >
> >     Would you mind giving me some hints/examples of how to use this
> > feature ??
> >
> >     Sincerely,
> >     Leonardo Rodrigues
>
> Hi Leonardo !
>
> I have not tested it myself yet but I think you can use it like this:
>
> iptables -t nat -A OUTPUT -p tcp -o eth0 -d internetip1 --dport 80 -j DNAT --to internetip2
>
> Which means that you show up on internetip2's port 80 (http) if you do lynx
> http://internetip1 from the command prompt at your firewall linux box. It's
> like ordinary DNAT but you use it at the firewall itself, which has not been
> possible before.
>
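
A check for the mistake this thread resolves, as an added example that is not part of the original messages: it reads iptables-save output and flags nat OUTPUT DNAT rules whose -d is one of the host's own addresses while -o names something other than the loopback interface. The function names, the 203.0.113.1 and 198.51.100.7 addresses and the sample rules are constructed for illustration; a rule with no -o at all matches on any output interface, so it is reported as OK.

```shell
# Added example (not from the thread): audit nat OUTPUT DNAT rules for "-o <nic>" on local destinations.

# True if an -o argument (exact name, or prefix ending in "+") matches "lo".
iface_matches_lo() {
    case $1 in
        lo) return 0 ;;
        *+) case lo in "${1%+}"*) return 0 ;; esac ;;
    esac
    return 1
}

# audit_local_dnat "IP1 IP2 ..."  reads iptables-save text on stdin and prints
# "NEVER-MATCHES: <rule>" or "OK: <rule>" for every OUTPUT DNAT rule.
audit_local_dnat() {
    local_ips=" $(echo $1) "                 # normalise spaces and newlines
    while IFS= read -r rule || [ -n "$rule" ]; do
        case $rule in "-A OUTPUT "*"-j DNAT"*) ;; *) continue ;; esac
        dst='' oif='' neg=0 oif_neg=0
        set -f; set -- $rule; set +f         # split into words without globbing
        while [ $# -gt 0 ]; do
            case $1 in
                '!') neg=1; shift; continue ;;
                -d|--destination) if [ $# -ge 2 ]; then dst=${2%/32}; shift; fi ;;
                -o|--out-interface) if [ $# -ge 2 ]; then oif=$2; oif_neg=$neg; shift; fi ;;
            esac
            neg=0; shift
        done
        verdict=OK
        if [ -n "$dst" ] && [ -n "$oif" ]; then
            case $local_ips in *" $dst "*)
                # Host-to-itself traffic leaves via lo, so the rule must accept lo.
                if iface_matches_lo "$oif"; then hit=1; else hit=0; fi
                [ "$hit" -ne "$oif_neg" ] || verdict=NEVER-MATCHES ;;
            esac
        fi
        printf '%s: %s\n' "$verdict" "$rule"
    done
}

# Constructed sample; 203.0.113.1 stands in for the firewall's external IP.
sample_rules() {
    cat <<'EOF'
*nat
-A OUTPUT -d 203.0.113.1/32 -o eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.200.10:80
-A OUTPUT -d 203.0.113.1/32 -o lo -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.200.10:80
-A OUTPUT -d 203.0.113.1/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.200.10:80
-A OUTPUT -d 198.51.100.7/32 -o eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.200.10:80
COMMIT
EOF
}
sample_rules | audit_local_dnat "203.0.113.1 127.0.0.1"
```

On a live firewall the same function can be fed with `iptables-save -t nat | audit_local_dnat "$(hostname -I)"`.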


