incoming snmptraps (udp:162) redirect to high port?




A user on a multiuser development system on a private test lab network wants
to write Perl scripts to handle incoming SNMP traps.
His code works fine with a Perl line that binds to port 162 on his
workstation.

Move it to the lab server, it runs fine there too.

However I don't want him to have root privs to bind to port 162.
So I set ONE line in iptables:

iptables -t nat -A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162

User changes his line of code to bind to port 4162 instead of 162.

iptables-save shows:

       # Generated by iptables-save v1.2.5 on Mon Nov  4 16:06:52 2002
       *nat
       :PREROUTING ACCEPT [11:2077]
       :POSTROUTING ACCEPT [0:0]
       :OUTPUT ACCEPT [0:0]
       -A PREROUTING -p udp --dport 162 -j REDIRECT --to-ports 4162
       COMMIT
       # Completed on Mon Nov  4 16:06:52 2002
       # Generated by iptables-save v1.2.5 on Mon Nov  4 16:06:52 2002
       *filter
       :INPUT ACCEPT [1814:266793]
       :FORWARD ACCEPT [0:0]
       :OUTPUT ACCEPT [1073:147564]
       COMMIT
       # Completed on Mon Nov  4 16:06:52 2002


"netstat -nap" shows his program is bound to udp 4162
"tcpdump -n | grep snmptrap" shows incoming snmptraps to port 162
also shows ICMP unreachable replies going out?
User's program doesn't receive any input...

What am I missing here?





