Oops, sorry my bad: there was unfortunately a misconfiguration in my router... :-(

U.Mutlu wrote, On 12/19/2014 12:57 PM:
I think I found a bug in iptables:
If applying such a rule:

  iptables -t nat -A PREROUTING -p tcp --dport 1234 -j REDIRECT --to-port 5678

then testing it at least once by putting a server-app at port 5678, and then throwing this rule away by clearing (flushing) all the tables doesn't make this rule disappear anymore; it somehow is still active, because the REDIRection still works even after clearing the tables.
(Haven't checked yet if after a reboot of the system the problem disappears, but even then this of course wouldn't be a satisfactory solution to the problem.)

My system: debian 8 (jessie), iptables from the beforementioned repo, version v1.4.21

Another related issue:
The following documentation says that the above rule would be a "transparent proxy":
http://www.tldp.org/HOWTO/TransparentProxy-5.html
But this can't be true, because it's NAT (s.a.); whereas from a transparent proxy one would expect that the originating IP gets passed thru to the redirected port, which is not the case here; only the NATted IP gets passed...

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html