Are DNAT and REDIRECT equivalent when applied to locally destined traffic?

view full story

http://serverfault.com – In setting up our OpenStack environment, I ran into a problem that was preventing instances from contacting a server running on the host. The metadata service (which exposes an HTTP API) runs on port 8775 on the host, and the OpenStack networking code adds the following DNAT rule to grant access via a special address on port 80: -A PREROUTING -d -p tcp -m tcp --dport 80 -j DNAT --to-destination Instances are connected to the host via a local bridge device, and is assigned to lo. While this rule successfully matches packets originating (HowTos)