Re: forwarding traffic from one port to another on the same box


 





Mark E. Donaldson wrote:

Andrew - your DNAT rule looks fine to me and it should work. I really
think your problem is the first rule, even though the error is apparently
charged to the second rule. I think what you need to do is change the first
rule to -A to the INPUT chain and not the forward chain and it should work.
The packet is not being forwarded, but is rather destined to the same NIC -
so it should be the INPUT chain. Try that and see if it does the trick. If
not, holler again cause there are many with greater expertise on this list
than me.

Thanks for the advice but it's a no-go. I get the same error, 'Invalid argument', from the PREROUTING command if I use INPUT instead of FORWARD in the first command.


I also tried replacing the DNAT target in the second command with REDIRECT. It didn't help.

Andrew


-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Andrew
Sent: Tuesday, January 27, 2004 6:38 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: forwarding traffic from one port to another on the same box

I would like to forward all tcp traffic arriving on a particular port to
another port on the same machine. This has worked for me in the past but I
can't get it working on my current machine.

Here are the two commands I'm using to try to create the forward.

iptables -I FORWARD -p tcp -d 192.168.10.34 --dport 26 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp -i eth0 -s 0/0 -d 192.168.10.34 --dport 26 -j DNAT --to 192.168.10.34:25

The first command is accepted but the second command results in an 'Invalid
argument' error.

The computer has only one interface, eth0. Here are its particulars:
Mandrake Linux 9.2
Iptables 1.2.8
kernel 2.4.24 patched with super-freeswan 1.99.8

The value of /proc/sys/net/ipv4/conf/eth0/forwarding is 0. Changing it to 1
has no impact.
The value of /proc/sys/net/ipv4/conf/eth0/rp_filter is 0.

I hope someone out there has some ideas about what's going on because I'm
all out.

Andrew
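
The packet path discussed in this thread (locally delivered traffic traverses INPUT, not FORWARD), written out as an added example that is not part of the original messages. It uses the REDIRECT target mentioned above, only prints the rules for review, and does not address the 'Invalid argument' error itself; `redirect_rules` and `valid_port` are hypothetical helper names, and the sample values are taken from the post.

```shell
#!/bin/sh
# Added example: print (do not apply) the rules for redirecting TCP traffic
# from one port to another on the same host. Review the output, then run
# the printed commands as root.

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules ADDR IFACE FROM_PORT TO_PORT   (hypothetical helper)
redirect_rules() {
    addr=$1 iface=$2 from=$3 to=$4
    if [ -z "$addr" ] || [ -z "$iface" ]; then
        echo "usage: redirect_rules ADDR IFACE FROM_PORT TO_PORT" >&2
        return 2
    fi
    if ! valid_port "$from" || ! valid_port "$to"; then
        echo "ports must be integers in 1-65535" >&2
        return 2
    fi
    # nat/PREROUTING rewrites the destination port before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp -d $addr --dport $from -j REDIRECT --to-ports $to"
    # The destination is local, so the packet then traverses filter/INPUT
    # (not FORWARD) and already carries the rewritten port.
    echo "iptables -A INPUT -i $iface -p tcp --dport $to -j ACCEPT"
    # Connections opened on the box itself never pass PREROUTING; nat/OUTPUT
    # handles them, provided the kernel supports NAT of local connections.
    echo "iptables -t nat -A OUTPUT -p tcp -d $addr --dport $from -j REDIRECT --to-ports $to"
}

# Sample values from the post: address 192.168.10.34, eth0, port 26 to 25.
redirect_rules 192.168.10.34 eth0 26 25
```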









