Update your iptables firstly, and secondly use the p-o-m patch to fix the OUTPUT NAT problem. Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au -----Original Message----- From: Graham Swallow [mailto:Information-Cascade@xxxxxxxxxxxx] Sent: Thursday, July 17, 2003 5:59 AM To: LIST-netfilter Subject: DNAT udp 192.163.1.2:514 -> 127.0.0.1:1514 -- from local box VERSION: uptables-1.2.1.a I Type: iptables -t nat -A OUTPUT -p udp -d 192.168.1.2 --dport 514 -j DNAT --to 127.0.0.1:1514 It replies: iptables: Invalid argument The traffic is to ORIGINATE from a local process (this is 192.168.1.46), heading out to a ficticious 192.168.1.2, and DNAT'd to localport 1514 syslogd reuses to log to a port other than 514, but using DNAT as a kludge should work. I've tried a range of options, and got REDIRECT to almost work, but after the first packet it gave connection refused. NAT-HOWTO.txt 6.3.7 says must be OUTPUT and 127 I am using socat http://www.dest-unreach.org/socat/ to test socat UDP4-LISTEN:1514 - # server socat - UDP4:127.0.0.1:1514 # client regards -- Graham Information-Cascade -at- ntlworld.com
