According to the iptables man page, DNAT is valid only in the OUTPUT and PREROUTING chains of the nat table. SNAT is only valid in the POSTROUTING chain of the nat table.
It could be a missing kernel option ...
Frederic Gobin
On Tuesday, 29.04.03 at 09:49, SaVaGE wrote:
On Tuesday, 29 April 2003 09:23, netfilter_user wrote:
Hello everyone,
this is my problem: My LAN is connected to the Internet via a Linux machine with 2 interfaces (ppp0 for Internet and eth1 for the local net). I need to connect from local host, service that is running on port 23073 and 23083 UDP in Internet. For this I wrote a few rules with PREROUTING, but when I start the script with the rules below I receive:
Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.

iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23073 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -p udp -d 80.50.60.185 --dport 23083 -j DNAT --to-destination 192.168.1.2
iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23073 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.1.2 --dport 23083 -j ACCEPT
What may be the reason for this message? I'm using Slackware 8.1 with iptables 1.2.6a.
This behaviour is correct. NATting is done on the POSTROUTING table!!!!
Pascal (PC-Secure Dutch security service)