Re: iptables: can't set any ip address in rules

> Hello all,
>     I am not able to set any rule that contains ip address in the iptables.
> For example I give this command
>
>>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
           ^^^^^^^^^^^^^^^^
-t nat -A PREROUTING

You forgot "nat" after -t. Is that a typo or is this the actual rule you
are using?

[Salim] Sorry, that was a typo. The actual rule includes -t nat

> then, I issue the command >iptables -t nat -L.
>
> the result is
>
> Chain POSTROUTING (policy ACCEPT)
> target           DNAT
> prot              all
> opt                --
> source          anywhere
> destination    0.0.0.0   to:0.0.0.0

You just added a PREROUTING rule, and now you're checking if a POSTROUTING
rule is correct...
Furthermore: POSTROUTING doesn't have DNAT (it has SNAT), so the results of
"iptables -t nat -L" are probably not copy-and-pasted.

[Salim] Again, it was another typo. It is the PREROUTING chain. My Linux is on
another machine, so I couldn't copy and paste. I typed it in manually.

> I gave the command with verbose
>>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
>
> it showed
> DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0

Again: -t nat

...
> I am confused. Any help will be greatly appreciated.

Don't know if it will solve your problem but:
- use "-t nat", not just "-t"
- check the chain you're adding a rule to (if it's PREROUTING, check
PREROUTING, not POSTROUTING)


Gr,
Rob
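
The two checks from the reply above, as an added example that is not part of the original thread: a shell function that inspects iptables arguments without running iptables. The name lint_rule, the -n listing hint and the sample calls are assumptions made for this illustration, and only the table name after -t and the chain used with DNAT are checked.

```shell
#!/bin/sh
# lint_rule ARGS...: check iptables arguments without running iptables (no root needed).
# Hypothetical helper. Prints each problem; the return status is the number of problems.
lint_rule() {
    table="" chain="" target="" problems=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -t|--table)
                case "${2:-}" in
                    filter|nat|mangle|raw|security) table=$2; shift ;;
                    *) echo "table name expected after -t, got '${2:-}'"
                       table=invalid; problems=$((problems + 1)) ;;
                esac ;;
            -A|--append|-I|--insert)
                chain=${2:-}; if [ $# -gt 1 ]; then shift; fi ;;
            -j|--jump)
                target=${2:-}; if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    : "${table:=filter}"    # iptables uses the filter table when -t is omitted
    if [ "$target" = DNAT ] && [ "$table" != invalid ]; then
        if [ "$table" != nat ]; then
            echo "DNAT is only valid in the nat table, not '$table'"
            problems=$((problems + 1))
        else
            case "$chain" in
                PREROUTING|OUTPUT) ;;   # built-in nat chains where DNAT is allowed
                INPUT|FORWARD|POSTROUTING)
                    echo "DNAT is not valid in $chain (use PREROUTING or OUTPUT)"
                    problems=$((problems + 1)) ;;
            esac                        # any other name: user-defined chain, not checked
        fi
    fi
    if [ "$problems" -eq 0 ]; then
        # List the chain the rule went into; -n prints numeric addresses.
        echo "ok; verify with: iptables -t $table -n -L $chain"
    fi
    return "$problems"
}

# Constructed sample runs, based on the commands quoted in the thread.
lint_rule -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2 || true
lint_rule -t nat -A POSTROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2 || true
lint_rule -t nat -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
```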