Hey guys

[17:47] * Now talking in #lartc
[17:47] * Topic is 'Linux Advanced Routing and Traffic Control. http://lartc.org/ State problem and wait, :)'
[17:47] * Set by ChanServ!services@services.oftc.net on Mon Nov 09 10:21:28
[17:47] <mitnlag> hey guys, have lost 3 full days of my life to this problem
[17:48] <mitnlag> linux box, br0 consists of eth1 and eth2, ifconfig br $BR_IP
[17:48] <mitnlag> another box has ip $BR_IP+1, but doesn't matter
[17:49] <mitnlag> $BR_IP+1 sends traffic through br0, and i want port 80 to be DNATed to $BR_IP.
[17:50] <mitnlag> and I made iptables -t nat -I PREROUTING -m physdev --physdev-in eth1 -m mac --mac-source 00:0C:29:88:3F:BA -j DNAT --to $BR_IP
[17:50] <mitnlag> traffic is matched, 'cause i'm doing -j ACCEPT instead and it's ok
[17:51] <mitnlag> but with that DNAT rule i've got "connection refused" on my client box
[17:51] <mitnlag> pls, help

feel free to ask for any clarification

--
Best regards, Vitaly
mailto:mitnlag@yandex.ru
> Hey guys
>
> [17:47] * Now talking in #lartc
> [17:47] * Topic is 'Linux Advanced Routing and Traffic Control.
> http://lartc.org/ State problem and wait, :)'
> [17:47] * Set by ChanServ!services@services.oftc.net on Mon Nov 09
> 10:21:28
> [17:47] <mitnlag> hey guys, have lost 3 full days of my life to this
> problem
> [17:48] <mitnlag> linux box, br0 consists of eth1 and eth2, ifconfig br
> $BR_IP
> [17:48] <mitnlag> another box has ip $BR_IP+1, but doesn't matter
> [17:49] <mitnlag> $BR_IP+1 sends traffic through br0, and i want port 80
> to be DNATed to $BR_IP.
> [17:50] <mitnlag> and I made iptables -t nat -I PREROUTING -m physdev
> --physdev-in eth1 -m mac --mac-source 00:0C:29:88:3F:BA -j DNAT --to
> $BR_IP
> [17:50] <mitnlag> traffic is matched, 'cause i'm doing -j ACCEPT instead
> and it's ok
> [17:51] <mitnlag> but with that DNAT rule i've got "connection refused" on
> my client box
> [17:51] <mitnlag> pls, help
>
> feel free to ask for any clarification

Just a thought, did you make the corresponding 'filter' rule?
Something like:

iptables -t filter -I FORWARD -m physdev --physdev-in eth1 -m mac --mac-source 00:0C:29:88:3F:BA -j ACCEPT

Hope it helps

ciao
riki