On Sat, 2004-06-19 at 18:40, Daniel Wittenberg wrote:
> On Sat, 2004-06-19 at 17:18, John A. Sullivan III wrote:
> > On Sat, 2004-06-19 at 15:54, Postmaster wrote:
> > > > But what, exactly, is the question?
> > >
> > > I'm not sure after your question. The following error "iptables: target
> > > problem" comes, if I enter this rule in a user-chain:
> > > iptables -t nat -A first_group -s a.b.c.d -d x/y -p tcp --dport 10001 \
> > > -j DNAT --to-destination 1.2.3.4:25
>
> DNAT target can only be used with PREROUTING and OUTPUT.
>
> Dan

Thankfully, that is not true! I just about had a heart attack because we
make heavy use of DNAT outside of PREROUTING and OUTPUT in the automatic
NAT configuration facility of the ISCS project (http://iscs.sourceforge.net).
I've just tested it and, indeed, DNAT can be used in user-created chains as
long as those chains are in the nat table. Of course, if Postmaster's
first_group chain is not in the nat table, that would be a problem :-)

- John
--
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevelopmentcorp.com
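
The placement rule discussed in this message, as an added example that is not part of the original thread: a small lint for an iptables-save style ruleset that reports, for every DNAT rule, whether its chain is in the nat table. It goes slightly beyond the message by also flagging a nat user chain that is jumped to from INPUT, FORWARD or POSTROUTING, since the kernel validates DNAT against the built-in chains a user chain is reached from. The function names `sample_ruleset` and `lint_dnat`, the chain `late_group` and all addresses are constructed for illustration.

```shell
# Constructed sample ruleset; chain late_group and all addresses are made up.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:first_group - [0:0]
:late_group - [0:0]
-A PREROUTING -j first_group
-A POSTROUTING -j late_group
-A first_group -s 192.0.2.10/32 -d 198.51.100.0/24 -p tcp --dport 10001 -j DNAT --to-destination 203.0.113.4:25
-A late_group -p tcp --dport 10001 -j DNAT --to-destination 203.0.113.4:25
COMMIT
*filter
:first_group - [0:0]
-A first_group -p tcp --dport 10001 -j DNAT --to-destination 203.0.113.4:25
COMMIT
EOF
}

# Prints "<table> <chain> <verdict>" for every DNAT rule read from stdin.
lint_dnat() {
  awk '
    # True for built-in chains whose hooks do not accept the DNAT target.
    function wrong_hook(c) { return c == "INPUT" || c == "FORWARD" || c == "POSTROUTING" }
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }   # "*nat" opens a table
    $1 == "-A" {
      target = ""
      for (i = 3; i < NF; i++) if ($i == "-j" || $i == "-g") target = $(i + 1)
      if (target == "DNAT") { n++; dt[n] = table; dc[n] = $2 }
      else if (target != "") { m++; et[m] = table; ef[m] = $2; eto[m] = target }
    }
    END {
      # Propagate "reachable from a wrong hook" along jumps until stable.
      do { changed = 0
        for (i = 1; i <= m; i++)
          if ((wrong_hook(ef[i]) || bad[et[i], ef[i]]) && !bad[et[i], eto[i]]) {
            bad[et[i], eto[i]] = 1; changed = 1 }
      } while (changed)
      for (i = 1; i <= n; i++) {
        if (dt[i] != "nat") v = "BAD not-in-nat-table"
        else if (wrong_hook(dc[i]) || bad[dt[i], dc[i]]) v = "BAD reachable-from-non-DNAT-hook"
        else v = "OK"
        print dt[i], dc[i], v
      }
    }'
}
sample_ruleset | lint_dnat
```

On a live host the same function can be fed from `iptables-save`, or from a ruleset file before it is passed to `iptables-restore`.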