Hello,

Andrew Beverley wrote:
> On Fri, 2013-02-15 at 11:24 -0500, John Corps wrote:
>>
>> iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
>> iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
>
> If you want to redirect the requests to the local server, then you'll
> need to use the DNAT target instead. All you're doing in your rules is
> changing to port 53 a packet that is destined to port 53 (so nothing at
> all).

Nonsense. You should read the manpage more carefully.

QUOTE
REDIRECT
This target is only valid in the nat table, in the PREROUTING and OUTPUT
chains, and user-defined chains which are only called from those
chains. It redirects the packet to the machine itself by changing the
destination IP to the primary address of the incoming interface
(locally-generated packets are mapped to the 127.0.0.1 address).
END OF QUOTE
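The manpage text quoted above, modelled as an added example that is not part of the original message or of netfilter itself: it applies the UDP rule from the thread to constructed packets and shows that the destination address is rewritten even though the port stays 53. The interface name eth0, its address 192.168.1.1, the client addresses and the 8.8.8.8 destination are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample: the gateway's interface name and address are assumptions.
PRIMARY_ADDR = {"eth0": "192.168.1.1"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    in_iface: Optional[str]  # None models a locally generated packet

@dataclass(frozen=True)
class RedirectRule:
    source: str   # -s
    proto: str    # -p
    dport: int    # --dport
    to_port: int  # --to-ports

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.source)
        return in_net and pkt.proto == self.proto and pkt.dport == self.dport

def apply_redirect(rule: RedirectRule, pkt: Packet) -> Packet:
    """Rewrite the destination the way the quoted manpage text describes."""
    if not rule.matches(pkt):
        return pkt  # untouched, continues to its original destination
    # Destination IP becomes the incoming interface's primary address,
    # or 127.0.0.1 for locally generated packets (rule used in OUTPUT).
    new_dst = "127.0.0.1" if pkt.in_iface is None else PRIMARY_ADDR[pkt.in_iface]
    return replace(pkt, dst=new_dst, dport=rule.to_port)

# The UDP rule from the thread: -s 192.168.1.0/24 -p udp --dport 53 --to-ports 53
RULE_UDP = RedirectRule("192.168.1.0/24", "udp", 53, 53)

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.168.1.50", "8.8.8.8", "udp", 53, "eth0"),  # LAN client
        Packet("10.0.0.5", "8.8.8.8", "udp", 53, "eth0"),      # outside -s range
        Packet("192.168.1.50", "8.8.8.8", "udp", 53, None),    # locally generated
    ]
    for pkt in samples:
        out = apply_redirect(RULE_UDP, pkt)
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}  =>  {out.dst}:{out.dport}")
```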