On Tue, 12 Apr 2005, Jon Newman wrote:
-A PREROUTING -s 66.101.59.243 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 COMMIT # Completed on Tue Apr 12 09:38:04 2005
Shouldn't I supply the destination IP address when redirecting to port 8080? In other words, doesn't the current setup redirect the client to port 8080 on the ORIGINAL, INTERNET based server (which would be incorrect)? If so, how would I do so with iptables?
No. REDIRECT is equivalend to DNAT to the IP address of the interface where the packet was received and a specific port.
If you want to explicitly state the IP then you can use DNAT instead of REDIRECT. Both supports specifying the port to NAT to.
REgards Henrik