the rule should look like this.

    /sbin/iptables -t nat -A PREROUTING -p tcp --sport 15871 -j DNAT --to-destination xxx.xxx.xxx.193

afaik you cannot use the -o switch in the nat prerouting chain.
i assume you want to change the destination address. but which packet from which interface/ip address should be changed?

the best way is to read the nat howto from the netfilter page.
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.txt

it is always better to know what you are doing with your packets.

greets
matthias baake

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Chris Edwards
Sent: Tuesday, 1 March 2005 12:39
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Rule syntax

Hi,

Need a bit of help with a rule. I've got a redhat box running a squid/websense installation. It's dual-interfaced on different networks, and due to an update websense has done, is only contactable on the interface which can't see the default gateway. To cut a long story short, it ain't working unless I can convince the reply packets to leave out the same interface. Putting a route in works for some but not all users; what I really need is to be able to redirect all the requests as they try to go out eth1 to the gateway on eth0.

I've been trying this command:

    /sbin/iptables -t nat -A PREROUTING -o eth1 -p tcp --sport 15871 -j REDIRECT -d xxx.xxx.xxx.193

or

    /sbin/iptables -t nat -A OUTPUT -o eth1 -p tcp -s xxx.xxx.xxx.xxx -j REDIRECT -d xxx.xxx.xxx.193

I'm really new to iptables, only having done what the squid installation required. Can anyone help with how to write a rule that does what I need?

Chris

===============================================
If the only tool you have is a hammer, every problem looks like a nail.
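
Added example, not part of either message: a small pre-flight check for the two mistakes discussed in this thread, an interface match the chain cannot evaluate and a nat target in the wrong place or missing its address option. The function name lint_rule is hypothetical, the chain/target table follows the iptables man page, and the sample rules are constructed with the documentation address 192.0.2.193 in place of the redacted one.

```python
import shlex

# Chains in which an interface match cannot apply (iptables rejects the rule).
NO_OUT_IFACE = {"PREROUTING", "INPUT"}    # no outgoing interface for these chains
NO_IN_IFACE = {"OUTPUT", "POSTROUTING"}   # no incoming interface for these chains
# nat targets: (chains they are valid in, option one of which must be present).
NAT_TARGETS = {
    "DNAT": ({"PREROUTING", "OUTPUT"}, ("--to-destination", "--to")),
    "REDIRECT": ({"PREROUTING", "OUTPUT"}, ()),
    "SNAT": ({"POSTROUTING", "INPUT"}, ("--to-source", "--to")),
    "MASQUERADE": ({"POSTROUTING"}, ()),
}

def lint_rule(cmd):
    """Return a list of problems in one 'iptables -A/-I ...' command line."""
    tok = shlex.split(cmd)

    def value(*flags):
        # Value following the first of the given flags, or None if absent.
        for f in flags:
            if f in tok[:-1]:
                return tok[tok.index(f) + 1]
        return None

    table = value("-t", "--table") or "filter"
    chain = value("-A", "--append", "-I", "--insert")
    target = value("-j", "--jump")
    problems = []
    if chain in NO_OUT_IFACE and value("-o", "--out-interface"):
        problems.append(f"-o cannot be used in {chain}")
    if chain in NO_IN_IFACE and value("-i", "--in-interface"):
        problems.append(f"-i cannot be used in {chain}")
    if target in NAT_TARGETS:
        chains, required = NAT_TARGETS[target]
        if table != "nat":
            problems.append(f"{target} is only valid in the nat table")
        elif chain not in chains:
            problems.append(f"{target} is not valid in {chain}")
        if required and not any(opt in tok for opt in required):
            problems.append(f"{target} needs {required[0]}")
    return problems

# Constructed sample modelled on the first attempt in the thread.
SAMPLE = ("/sbin/iptables -t nat -A PREROUTING -o eth1 -p tcp "
          "--sport 15871 -j REDIRECT -d 192.0.2.193")

if __name__ == "__main__":
    print(lint_rule(SAMPLE) or "ok")
```

An empty result only means the rule is well-formed for its chain; whether it sends reply packets out the intended interface still depends on routing.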