On Sat, Jul 03, 2004 at 06:24:03PM -0500, Thomas Stivers wrote:
> From a quick look at the iptables man page I see:
>
> This target is only valid in the nat table, in the PREROUTING and OUTPUT
> chains, and user-defined chains which are only called from those
> chains. It specifies that the destination address of the packet should
> be modified (and all future packets in this connection will also be
> mangled), and rules should cease being examined.
>
> So it looks like you need to put it in prerouting instead of
> postrouting.
>

It's amazing how after a while of working on something and not getting
anywhere, you start to miss things said in the man page (smile). I'm still
surprised that didn't give me any errors, or maybe it did, and I didn't
notice them, or I simply forgot to rerun the firewall script after
re-editing it the last time. Anyway, I now have:

    iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 25 -j DNAT --to-destination aaa.bbb.ccc.ddd

and when I run my script, I get at that line:

    iptables: Invalid argument

which, as you can see, is an extremely useful error message; whoever wrote
it absolutely outdid themselves in the creativity department (grrrrrr).
BTW, I am substituting aaa.bbb.ccc.ddd with a correct IP address in the
actual script, so that can't be the problem.

> I think if it is done correctly you will get this result, but you should
> get the prompt message from aaa.bbb.cccc.ddd
>

I guess it's not done correctly then, because I'm not getting the prompt
message from aaa.bbb.ccc.ddd, it just hangs there, which is the normal
behavior in my case.

Thanks.
Greg

--
Free domains: http://www.eu.org/ or mail dns-manager at EU.org