Hello netfilter friends,

I want to redirect all connections going to port 80 of a host to port 8080 of the same host. Of course I do it with the REDIRECT target:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
    iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

The redirection of externally incoming connections via PREROUTING works perfectly fine. But I have the problem that locally generated connections are not redirected on machines with Linux Kernel 2.6, but are on machines with Linux Kernel 2.4.

I tested:

    SuSE Linux 9.0 (Kernel 2.4.21, iptables v1.2.8) - works
    SuSE Linux 9.1 (Kernel 2.6.5, iptables v1.2.9) - does not work
    SuSE Linux 9.2 (Kernel 2.6.8, iptables v1.2.11) - does not work
    Gentoo Linux (Kernel 2.6.9, iptables v1.2.11) - does not work

"iptables -t nat -L -v" shows that no packet at all was caught by the OUTPUT chain. Instead it seems to go to the POSTROUTING chain. But the REDIRECT target can't be used in the POSTROUTING chain.

Is this a bug? Is this a feature? Did something change between Kernel 2.4 and 2.6 in this regard? I looked through the ChangeLogs and other docs but didn't find any hint.

Stephan