On Thursday 12 August 2004 5:58 pm, Nicolás Velásquez O. wrote:

> Hello there,
>
> I want to do some custom redirection rules, I've searched the web with
> no success.
>
> What I want to do is to set the forward policy a redirect.

You can only set the default policy of a chain to ACCEPT or DROP.

> Here is what I was trying without success:
> $IPTABLES -t nat -N MY_REDIRECTOR_POLICY
> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -p TCP --dport 80 -j
> MY_REDIRECTOR_POLICY --to-port 81
> $IPTABLES -A MY_REDIRECTOR_POLICY -j REDIRECT --to-port 81
> $IPTABLES -A FORWARD -j MY_REDIRECTOR_POLICY
>
> That snip would go at the end of the rules, so it will work like a
> policy.

Yes, that would work in the same way as a default policy, agreed.

However, the REDIRECT target is only valid in the nat table, therefore your third rule above needs a "-t nat" in it. The first rule doesn't need "-t nat" because you are creating a chain, and user-defined chains contain all tables as standard.

I don't understand why you don't simply write the second rule as

"iptables -t nat -A PREROUTING -i $LAN_IFACE -p TCP --dport 80 -j REDIRECT --to 81"

If you keep in mind that REDIRECT has to happen in the PREROUTING chain, which is before the FORWARD chain, you should be able to sort things out.

Regards,

Antony.

--
"Note: Windows 98, Windows 98SE and Windows 95 are not affected by [MS Blaster]. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions."

(which *are* affected by MS Blaster...)

http://www.microsoft.com/security/security_bulletins/ms03-026.asp

Please reply to the list; please don't CC me.
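
The point made in the reply, that REDIRECT is only valid in the nat table, can be checked before a ruleset is loaded. The following is an added example, not part of the original message: a small lint over a ruleset in iptables-restore format. The function names, the interface `eth1` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag REDIRECT rules outside the nat table in a ruleset
# written in iptables-restore format, before it is loaded.

# Reads a ruleset on stdin, prints "table:line: rule" for every offending
# rule, and returns non-zero if any were found.
lint_redirect() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # "*nat", "*filter", ...
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "--jump") &&
                    $(i + 1) == "REDIRECT" && table != "nat") {
                    printf "%s:%d: %s\n", table, NR, $0
                    bad = 1
                }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the posted rules, where the REDIRECT rule and the
# FORWARD jump carry no "-t nat" and so land in the filter table.
sample_broken() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:MY_REDIRECTOR_POLICY - [0:0]
-A PREROUTING -i eth1 -p tcp --dport 80 -j MY_REDIRECTOR_POLICY
COMMIT
*filter
:FORWARD DROP [0:0]
:MY_REDIRECTOR_POLICY - [0:0]
-A MY_REDIRECTOR_POLICY -j REDIRECT --to-ports 81
-A FORWARD -j MY_REDIRECTOR_POLICY
COMMIT
EOF
}

# Constructed sample: the single nat PREROUTING rule suggested in the reply.
sample_fixed() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 81
COMMIT
EOF
}

sample_broken | lint_redirect || echo "REDIRECT found outside the nat table"
sample_fixed | lint_redirect && echo "fixed ruleset: ok"
```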