-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Have you considered using the redirect target and the filter table?

On Sat, Jul 03, 2004 at 06:24:03PM -0500, Thomas Stivers wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> on Sat, Jul 03, 2004 at 05:18:06PM -0500, Gregory Nowak wrote:
> > Hi all.
> >
> > I am trying to set up iptables to transparently redirect out-bound
> > traffic to any host on port 25 to instead go to IP address
> > aaa.bbb.ccc.ddd on port 25. So, after doing some searching with
> > Google, and some playing around, I have the following line in my
> > firewall script:
> >
> > iptables -t nat -A POSTROUTING -p tcp -o $eth0 --dport 25 -j DNAT
> > --to-source aaa.bbb.ccc.ddd
>
> - From a quick look at the iptables man page I see:
>
> This target is only valid in the nat table, in the PREROUTING and OUTPUT
> chains, and user-defined chains which are only called from those
> chains. It specifies that the destination address of the packet should
> be modified (and all future packets in this connection will also be
> mangled), and rules should cease being examined.
>
> So it looks like you need to put it in prerouting instead of
> postrouting.
>
> > When I run my firewall script to make the new changes take effect, I
> > get no errors, but I still don't get the desired effect (i.e. doing
> > telnet speech.braille.uwo.ca 25 for example, still gives me Trying
> > 129.100.109.30... instead of Trying aaa.bbb.ccc.ddd...
>
> I think if it is done correctly you will get this result, but you should
> get the prompt message from aaa.bbb.ccc.ddd
>
> Remember the trying whatever message is coming from telnet not over the
> connection and as far as telnet is concerned it is connecting to
> 129.100.109.30. If I understand correctly this is the essence of
> transparency.
>
> > Can someone please show me what I'm doing wrong, because everything
> > looks right to me, (although it obviously isn't), and I'm out of
> > ideas.
>
> If the above doesn't work then so am I.
>
> > BTW, I'd prefer to use a full host name in iptables, instead of the IP
> > address, however, I get an error when I try that. Am I missing
> > something here as well? Thanks for any help in advance.
>
> This host name would be resolved at the time the rules are loaded and
> then would not be changed if the DNS records changed. This is likely to
> lead to strange behavior eventually.
>
> - --
> "Debugging is twice as hard as writing the code in the first place.
> Therefore, if you write the code as cleverly as possible, you are,
> by definition, not smart enough to debug it." - Brian W. Kernighan
>
> Thomas Stivers e-mail: stivers_t at tomass.dyndns.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFA50AT5JK61UXLur0RAjlLAJ9KUPmRHxnvJJrmywm07nH7Hw1RqgCfZXlw
> Iqx+Sa/OYG0QQuQKPJCyDGE=
> =IrfN
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

- --
Failure is not an option, it comes bundled with your Microsoft product.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA50hUNohoaf1zXJMRAhsjAJ48IOiBKDmF+MJ/F4yvXeYsXFcjIgCgkiGT
N6S8T/kiB5KzkjNZ5vntoQ4=
=LDzC
-----END PGP SIGNATURE-----
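The chain-placement point Thomas quotes from the man page (DNAT is valid only in the nat table's PREROUTING and OUTPUT chains) and his caveat about hostnames being resolved once at load time, as an added example that is not part of the thread and not anyone's posted script: a small POSIX sh helper that emits the rules for both forwarded traffic (PREROUTING) and the telnet-from-the-firewall case Gregory tested (the nat OUTPUT chain, which locally generated packets use instead of PREROUTING), refuses a hostname so the resolved-once problem cannot happen silently, and shows the REDIRECT variant for when the relay is the firewall itself. The interface name eth0, the relay address 192.0.2.10, the MTA account name and the DRY_RUN switch are assumptions; DNAT takes its target with --to-destination.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the nat-table rules that send
# outbound SMTP (tcp/25) to one relay. Interface, relay address, MTA account
# and the DRY_RUN switch are assumptions. With DRY_RUN=1 (the default here)
# the iptables commands are printed rather than executed, so the rule set can
# be reviewed without root; run with DRY_RUN=0 to apply it.

DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a dotted-quad address. A hostname would be resolved once, when
# the rule is loaded, and go stale silently if the DNS record later changes.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Relay on another host. Args: outbound interface, relay IPv4 address.
smtp_redirect_rules() {
    iface=$1
    relay=$2
    if ! is_ipv4 "$relay"; then
        echo "relay must be an IPv4 address, not a hostname: '$relay'" >&2
        return 1
    fi
    # Forwarded traffic (clients behind this box) is rewritten in PREROUTING.
    run iptables -t nat -A PREROUTING -p tcp --dport 25 \
        -j DNAT --to-destination "$relay:25"
    # Locally generated traffic (telnet from the firewall itself) never
    # traverses PREROUTING; it is rewritten in the nat OUTPUT chain.
    run iptables -t nat -A OUTPUT -o "$iface" -p tcp --dport 25 \
        -j DNAT --to-destination "$relay:25"
}

# Relay is this box: REDIRECT (also a nat-table target) points the connection
# at a local port instead of another address. Arg: account the local MTA runs
# as (assumed name, e.g. postfix).
smtp_redirect_local() {
    mta_user=$1
    run iptables -t nat -A PREROUTING -p tcp --dport 25 \
        -j REDIRECT --to-ports 25
    # The MTA's own outbound deliveries must be exempt, or every message it
    # tries to send out is looped straight back to its own port 25.
    run iptables -t nat -A OUTPUT -p tcp --dport 25 \
        -m owner --uid-owner "$mta_user" -j RETURN
    run iptables -t nat -A OUTPUT -p tcp --dport 25 \
        -j REDIRECT --to-ports 25
}
```

After loading for real, `iptables -t nat -L -n -v --line-numbers` shows the packet counters per rule, which is the quicker check than telnet's "Trying ..." line: as Thomas notes, that line is printed by telnet from its own DNS lookup before any packet is rewritten, so it will always show the original address even when the redirect is working.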