> I'm trying to redirect traffic on my DNS server. I have bind listening
> on port 5300 (UDP) instead of 53. I've got it working from the internal
> network but seem to have a problem redirecting localhost traffic. I've
> tried changing both PREROUTING and OUTPUT chains in the nat table but it
> doesn't seem to help.
>
> iptables -A PREROUTING -t nat -p udp -i lo --dport domain -j REDIRECT
> --to-ports 5300

Absolutely incredible, within the past 15 minutes I have been trying to do the exact same thing as you, also with no luck. Using tcpdump I know that the port 53 packets are there, but from the DNS server logs I know that the packets never arrive at port 5300. I tried (unsuccessfully) to add essentially the same PREROUTING rule. Since this worked on my external interfaces but not lo, I'm thinking that maybe PREROUTING doesn't apply to lo? I don't know. The caveat I had encountered when doing this for another interface was making sure that the packet is accepted on that port in the INPUT chain, but that's not the case here for me.

-- forum@xxxxxxxxxxxxx
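The rule set the thread is circling around, written out as an added example (not code from either poster). The nat table is consulted once per connection: for traffic this host generates towards 127.0.0.1:53 that happens in nat OUTPUT, so a nat PREROUTING rule on lo never sees the first packet, and OUTPUT matches on the outgoing interface (-o), not -i. The external interface name (EXT_IF, defaulting to eth0) and the use of example.com as a test query are assumptions; the script only executes iptables when run as root with iptables installed, otherwise it prints what it would run.

```shell
#!/bin/sh
# Added example: redirect udp/53 to a resolver on port 5300 (bind in the
# thread) for locally generated and externally arriving packets.
DNS_ALT_PORT=5300

# Locally generated packets take nat OUTPUT, matched on the outgoing
# interface (-o). This is the rule that covers dig @127.0.0.1.
local_redirect_rule() {
    printf '%s' "-t nat -A OUTPUT -o lo -p udp --dport 53 -j REDIRECT --to-ports $1"
}

# Packets from other hosts take nat PREROUTING, matched on the incoming
# interface (-i). $1 is the interface name (assumed), $2 the new port.
remote_redirect_rule() {
    printf '%s' "-t nat -A PREROUTING -i $1 -p udp --dport 53 -j REDIRECT --to-ports $2"
}

# After REDIRECT the packet is delivered to the new port, so filter INPUT
# must accept it there (the caveat the reply mentions).
accept_rule() {
    printf '%s' "-A INPUT -p udp --dport $1 -j ACCEPT"
}

# Run iptables only as root with the tool present; otherwise show the rule.
apply_or_show() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        iptables $1
    else
        echo "would run: iptables $1"
    fi
}

main() {
    ext_if="${EXT_IF:-eth0}"   # assumed external interface name
    apply_or_show "$(local_redirect_rule "$DNS_ALT_PORT")"
    apply_or_show "$(remote_redirect_rule "$ext_if" "$DNS_ALT_PORT")"
    apply_or_show "$(accept_rule "$DNS_ALT_PORT")"
    # Verification: the nat OUTPUT counters should rise after a local query
    # and tcpdump on lo should show the packet arriving on port 5300.
    echo "verify: dig @127.0.0.1 example.com; iptables -t nat -L OUTPUT -v -n"
    echo "        tcpdump -ni lo udp port $DNS_ALT_PORT"
}

main "$@"
```

The resolver must actually be bound on 127.0.0.1:5300 for the OUTPUT redirect to be answered; REDIRECT rewrites only the port, the destination stays the loopback address.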