On Tue, 27 Apr 2004, Roy Walker wrote:

> If I take the -o off the rule works fine. However, only want traffic
> from eth0 and destined out eth1 to be proxied except when it is destined
> for the network specified by the -d. Anyone have any idea what is not
> right with that?

You can't use -o in PREROUTING. The information is simply not known by the kernel at that time. You must match on destination IPs.

If you have some traffic you do not want to intercept then add ACCEPT rules in the nat table before your interception rule.

You can only intercept traffic at PREROUTING, as the kernel needs to know where to route the traffic and interception changes the destination to the local server instead of the requested server.

Regards
Henrik
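The rule ordering described in the reply above, as an added example that is not part of the original message: a dry-run script that prints the ACCEPT exception ahead of the interception rule and lints any rule list for `-o` in PREROUTING or a misplaced exception. Only `eth0` comes from the thread; the exempt network `192.0.2.0/24`, destination port 80, proxy port 3128 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 is the inbound interface named in
# the question; the exempt network, port 80 and proxy port 3128 are
# constructed placeholders.

# Print the two nat-table commands in the order the reply requires:
# the ACCEPT exception first, then the interception rule.
nat_rules() {
    in_if=$1 exempt_net=$2 proxy_port=$3
    echo "iptables -t nat -A PREROUTING -i $in_if -p tcp --dport 80 -d $exempt_net -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i $in_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
}

# Read rules on stdin; fail if a PREROUTING rule matches on the output
# interface, or if an ACCEPT exception appears after the REDIRECT rule
# (too late to exempt traffic the REDIRECT has already matched).
lint_rules() {
    seen_redirect=0
    status=0
    while IFS= read -r rule; do
        case " $rule " in
            *" PREROUTING "*) ;;
            *) continue ;;
        esac
        case " $rule " in
            *" -o "*|*" --out-interface "*)
                echo "rejected (-o in PREROUTING): $rule" >&2
                status=1 ;;
        esac
        case " $rule " in
            *" -j REDIRECT "*) seen_redirect=1 ;;
            *" -j ACCEPT "*)
                if [ "$seen_redirect" -eq 1 ]; then
                    echo "rejected (exception after REDIRECT): $rule" >&2
                    status=1
                fi ;;
        esac
    done
    return "$status"
}

# Dry run: print the commands only if they pass the lint. Nothing is applied.
rules=$(nat_rules eth0 192.0.2.0/24 3128)
if printf '%s\n' "$rules" | lint_rules; then
    printf '%s\n' "$rules"
fi
```
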
