Hi,

I have a server that performs many functions on a testing/lab network. I don't really need a firewall, but I do want to restrict users from having root access. Sometimes users want to be able to bind a process to a low port, like, say, an snmptrap receiver to port 162, but the process needs privileges to do that.

So I had the bright idea of using iptables to redirect the incoming packets on the low port to a high port that the user's program can bind to without problems. I tried the following:

    iptables -t nat -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162

The user started his program that bound to udp port 4162 (I could see it while using netstat -nap). But his program didn't receive anything?

    tcpdump -n | egrep "snmptrap|162"

did show incoming snmptraps to port 162, but "icmp unreachable" replies were sent back?

Any ideas on how to make this work?

Thanks in advance,
-Ben.
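
A sketch of the low-port to high-port redirect this post describes, as an added example that is not part of the original post. It uses the ports from the post; `DRY_RUN` and the function names are hypothetical, and it assumes the `conntrack` tool is installed, since the nat table is only consulted for the first packet of a tracked flow.

```shell
#!/bin/sh
# Added example: redirect privileged UDP port 162 to unprivileged port 4162
# (ports from the post). DRY_RUN and the function names are hypothetical.
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = run them (needs root)

# Succeeds only for a privileged source port and an unprivileged target port,
# so the listener itself never needs root.
check_ports() {
    case "$1$2" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$1" ] && [ -n "$2" ] || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 1023 ] && [ "$2" -ge 1024 ] && [ "$2" -le 65535 ]
}

# Print the commands for one redirect, one per line.
redirect_cmds() {
    check_ports "$1" "$2" || { echo "bad ports: $1 -> $2" >&2; return 1; }
    # REDIRECT is only valid in the nat table's PREROUTING and OUTPUT chains.
    # PREROUTING sees packets arriving from the network.
    echo "iptables -t nat -A PREROUTING -p udp --dport $1 -j REDIRECT --to-ports $2"
    # Locally generated test traffic skips PREROUTING and traverses nat OUTPUT.
    echo "iptables -t nat -A OUTPUT -o lo -p udp --dport $1 -j REDIRECT --to-ports $2"
    # Flows already tracked before the rule existed keep their old mapping,
    # so delete them and let the next packet hit the new rule.
    echo "conntrack -D -p udp --dport $1"
}

apply_redirect() {
    cmds=$(redirect_cmds "$1" "$2") || return 1
    echo "$cmds" | while read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "would run: $cmd"
        else
            # conntrack -D exits non-zero when no flow matched; report, don't abort.
            $cmd || echo "note: '$cmd' exited $?" >&2
        fi
    done
}

apply_redirect 162 4162
```

After running with `DRY_RUN=0` as root, `iptables -t nat -L PREROUTING -n -v` shows the rule and its packet counters, which should increase as traps arrive.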