Are DNAT and REDIRECT equivalent when applied to locally destined traffic?

http://serverfault.com – In setting up our OpenStack environment, I ran into a problem that was preventing instances from contacting a server running on the host. The metadata service (which exposes an HTTP API) runs on port 8775 on the host, and the OpenStack networking code adds the following DNAT rule to grant access via a special address on port 80:

    -A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8775

Instances are connected to the host via a local bridge device, and 169.254.169.254 is assigned to lo. While this rule successfully matches packets originating