Andrew - your DNAT rule looks fine to me and it should work. I really think your problem is the first rule, even though the error is apparently charged to the second rule.

I think what you need to do is change the first rule to -A to the INPUT chain and not the forward chain and it should work. The packet is not being forwarded, but is rather destined to the same NIC - so it should be the INPUT chain.

Try that and see if it does the trick. If not, holler again cause there are many with greater expertise on this list than me.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Andrew
Sent: Tuesday, January 27, 2004 6:38 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: forwarding traffic from one port to another on the same box

I would like to forward all tcp traffic arriving on a particular port to another port on the same machine. This has worked for me in the past but I can't get it working on my current machine.

Here are the two commands I'm using to try to create the forward.

    iptables -I FORWARD -p tcp -d 192.168.10.34 --dport 26 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i eth0 -s 0/0 -d 192.168.10.34 --dport 26 -j DNAT --to 192.168.10.34:25

The first command is accepted but the second command results in an 'Invalid argument' error.

The computer has only one interface, eth0. Here are its particulars:

    Mandrake Linux 9.2
    Iptables 1.2.8
    kernel 2.4.24 patched with super-freeswan 1.99.8

The value of /proc/sys/net/ipv4/conf/eth0/forwarding is 0. Changing it to 1 has no impact.

The value of /proc/sys/net/ipv4/conf/eth0/rp_filter is 0.

I hope someone out there has some ideas about what's going on because I'm all out.

Andrew
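The chain question raised in the reply can be checked with a small model of netfilter's traversal order for an inbound packet: nat PREROUTING, then the routing decision, then filter INPUT or FORWARD. This is an added example, not code from either poster; the tuple rule format, the names and the default-DROP policy are assumptions made for illustration, and it does not model the 'Invalid argument' error.

```python
# Added example: simplified model of netfilter traversal for an inbound packet.
from dataclasses import dataclass, replace

LOCAL_ADDRS = {"192.168.10.34"}  # the box's own address, taken from the thread

@dataclass(frozen=True)
class Packet:
    proto: str
    in_if: str
    dst: str
    dport: int

def nat_prerouting(pkt, dnat_rules):
    """nat/PREROUTING: rewrite destination on the first matching DNAT rule."""
    for match, (new_dst, new_dport) in dnat_rules:
        if (pkt.proto, pkt.in_if, pkt.dst, pkt.dport) == match:
            return replace(pkt, dst=new_dst, dport=new_dport)
    return pkt

def traverse(pkt, dnat_rules, filter_rules, policy="DROP"):
    """Return (filter chain consulted, packet as that chain sees it, verdict).
    policy="DROP" is an assumption; the thread does not state chain policies."""
    pkt = nat_prerouting(pkt, dnat_rules)       # happens before the routing decision
    chain = "INPUT" if pkt.dst in LOCAL_ADDRS else "FORWARD"
    for r_chain, proto, dst, dport, verdict in filter_rules:
        if (r_chain, proto, dst, dport) == (chain, pkt.proto, pkt.dst, pkt.dport):
            return chain, pkt, verdict
    return chain, pkt, policy

# Constructed inputs mirroring the two rules in the thread.
DNAT = [(("tcp", "eth0", "192.168.10.34", 26), ("192.168.10.34", 25))]
FORWARD_RULE = [("FORWARD", "tcp", "192.168.10.34", 26, "ACCEPT")]
INPUT_RULE = [("INPUT", "tcp", "192.168.10.34", 25, "ACCEPT")]
SYN = Packet("tcp", "eth0", "192.168.10.34", 26)

if __name__ == "__main__":
    for name, rules in (("FORWARD rule", FORWARD_RULE), ("INPUT rule", INPUT_RULE)):
        chain, seen, verdict = traverse(SYN, DNAT, rules)
        print(f"{name}: chain={chain} dport={seen.dport} verdict={verdict}")
```

In this model the filter table sees the packet after the DNAT rewrite, so the INPUT rule that matches is the one written against port 25.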