On Fri, 2004-03-05 at 12:00, Jan Kanty Palus wrote:
> My firewall configuration consists of many rules which redirect some ports
> on my server to particular hosts in lan. I wanted to reduce them so I tried
> to do something like this:
>
> iptables -t nat -N new
> iptables -t -A PREROUTING -i ethX -p tcp --dport <port>:<port> -j new
>
> and in chain 'new' redirect port to right machine. The problem is that in
> chain 'new' I have no option '--to-destination'. Is it possible to do
> this or where can I find some info about it?

Hmmm . . . I just tried creating such a chain and adding a bogus DNAT rule
to it and it worked fine. I haven't tested it with real traffic but I
assume you are getting some kind of error when you try to add a rule.
What error are you getting? Are you remembering to preface the -A or -I
with -t nat?

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
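
The arrangement discussed in this thread, as an added example that is not part of either message: one PREROUTING jump into a user-defined nat chain, with the per-port DNAT rules inside that chain, written in iptables-restore format so every rule lands in the nat table. The chain name PORTFWD, the interface eth0, the port range and the addresses are constructed sample values; DNAT is accepted in a user-defined chain only when that chain is called from PREROUTING or OUTPUT.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset:
# one jump from PREROUTING into a user-defined nat chain, DNAT rules inside it.
CHAIN=PORTFWD   # hypothetical chain name (assumption)

# gen_nat_rules IFACE LOW:HIGH  < mappings, one "extport host:port" per line
gen_nat_rules() {
    iface=$1; range=$2
    lo=${range%%:*}; hi=${range##*:}
    # "*nat" selects the table for everything up to COMMIT, so no rule can
    # silently end up in the default filter table.
    printf '%s\n' "*nat" ":$CHAIN - [0:0]"
    # A single jump replaces the per-port rules in the built-in chain.
    printf '%s\n' "-A PREROUTING -i $iface -p tcp --dport $range -j $CHAIN"
    while read -r port dest; do
        case $port in ''|\#*) continue ;; esac
        case $port in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt "$lo" ] || [ "$port" -gt "$hi" ]; then
            echo "port $port is outside $range and would never match" >&2
            return 1
        fi
        # -p tcp is repeated here: --dport and a port in --to-destination
        # are only accepted on a rule that also matches a protocol.
        printf '%s\n' "-A $CHAIN -p tcp --dport $port -j DNAT --to-destination $dest"
    done
    printf '%s\n' "COMMIT"
}

# Constructed sample mappings (RFC 1918 addresses).
sample_rules() {
    gen_nat_rules eth0 8000:8100 <<'EOF'
# external port -> internal host:port
8022 192.168.1.10:22
8080 192.168.1.20:80
EOF
}

# Print the ruleset. To syntax-check it as root without applying:
#   sample_rules | iptables-restore --test
# Loading it without --noflush replaces the existing nat table contents.
sample_rules
```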