On Thursday 2011-08-25 16:31, Marcin Mirosław wrote:
> Hello!
> Iptables accepts such a line without problem:
> iptables -t nat -A PREROUTING -p tcp --dport pop3 -j DNAT --to-destination 1.2.3.4:25
>
> Destination port is defined by word. So I wanted to use the same trick in
> DNAT but I've got:
> # iptables -t nat -A PREROUTING -p tcp --dport pop3 -j DNAT --to-destination 1.2.3.4:smtp
> iptables v1.4.12: Port `smtp' not valid
>
> Is it intentional behavior of iptables? I can't see any info about it in man.

At least it is not a regression. DNAT does not accept names currently,
and I can guess this is because of:

Port names can contain pretty much any character except \0, so there
is no way for DNAT, without symmetric delimiters like '[' and ']' for
example, to know from the user specifying "smtp-imap" whether s/he
means the single (fictional) port "smtp-imap", or the range 25--143.
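
The ambiguity described in the reply, as an added example that is not part of the original message or of iptables: a Python check that lists every valid reading of a port string. The service table, the port 9999 given to the fictional "smtp-imap" service, and the function names are assumptions made for illustration.

```python
# Constructed service table (name -> port). "smtp-imap" is the fictional
# service from the reply; its port number 9999 is made up for this example.
SERVICES = {"smtp": 25, "pop3": 110, "imap": 143, "smtp-imap": 9999}


def lookup(token):
    """Resolve one token as a numeric port or a service name; None if neither."""
    if token.isascii() and token.isdigit():
        port = int(token)
        return port if 1 <= port <= 65535 else None
    return SERVICES.get(token)


def interpretations(spec):
    """Return every valid reading of a port spec as (low, high) tuples."""
    readings = []
    # Reading 1: the whole string is one port (number or service name).
    single = lookup(spec)
    if single is not None:
        readings.append((single, single))
    # Reading 2: any '-' in the string may be the range delimiter.
    for i, ch in enumerate(spec):
        if ch != "-":
            continue
        low, high = lookup(spec[:i]), lookup(spec[i + 1:])
        if low is not None and high is not None and low <= high:
            readings.append((low, high))
    return readings


def is_ambiguous(spec):
    """True when a spec has more than one valid reading."""
    return len(interpretations(spec)) > 1


if __name__ == "__main__":
    for spec in ("25", "smtp", "25-143", "smtp-imap"):
        print(spec, interpretations(spec), "ambiguous" if is_ambiguous(spec) else "")
```

Numeric specs such as `25-143` have exactly one reading, which is why resolving names to numbers before building the rule avoids the problem.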