iptables (was port forwading)
Patrick Fleming EA
plug-discuss@lists.plug.phoenix.az.us
Mon, 18 Mar 2002 11:35:29 -0700 (MST)
On 18 Mar 2002, Carl Parrish wrote:
> Okay despite the fact that iptables didn't show up when I did lsmod (I
> guess I forgot netfilter was part of the *kernal*). It looks like
> iptables does install on RH 7.2 So I thought well instead of rewritting
> all my ipchains right now maybe I can just add a iptable rule to my
> firewall script (if this is vastly wrong please let me know). So here is
> my attempt
>
> iptables -A PREROUTING -t nat -p tcp -d $IPADDR --dport $WEB_PORT \
> -j DNAT --to-destination $WEBSERVER
>
I don't know if the syntax makes as much of a difference here...
but this is how it's written at:
http://netfilter.samba.org/documentation/HOWTO/NAT-HOWTO-6.html
## Change destination addresses of web traffic to 5.6.7.8, port 8080.
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 \
-j DNAT --to 5.6.7.8:8080
They use --to instead of --to-destination and -t nat is before -A
PREROUTING.
I haven't tried this particular nat setup but have a nat rule in my
iptables script and put the -t nat first there... just following the
examples.
> but when I try to run my script I get this
>
> iptables v1.2.3: Unknown arg `--to'
>
> my man page of iptables says that --to-destination is a valid arg
> though. So any thoughts??
>
> Thanks in advance,
> Carl P.
>
>
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Patrick Fleming, EA
Licensed to represent taxpayers
before Exam, Appeals, and Conference
divisions of the IRS