On 4 Nov 2002, Ben Russo wrote: > Have a UNIX server. User wants to write programs to receive SNMPTraps. > I *thought* I could redirect incomming traffic to port 162 to a high > port, (like 4162) where the user could have his programs receive the > messages with no special privelages? > > Anyway, a completely normal box, no special firewalling rules.... > The only rule I create is: > > iptables -t nat -A POSTROUTING -p udp -m udp --dport 162 -j REDIRECT > --to-ports 4162 > > Now, the user starts his program that binds to udp port 4162 ( I can see > it with "netstat -nap" ) but he doesn't see any packets coming in. > I run tcpdump -n | grep snmptrap and I see packets coming from the > network to the server on udp port 162, and the server sending back icmp > unreachable packets back to the sources?? > > Why doesn't the redirect work? don't you want that to be a PREROUTING rule, not POSTROUTING? rday (who now knows just enough to possibly give really bad advice :-)
