I even tried redirecting a non-specific port to google.com's port 80, and still no success:

root@filter:~# iptables -t nat -A PREROUTING -p tcp -s 0/0 --dport 10000 -j DNAT --to 64.233.187.104:80
root@filter:~# telnet 127.0.0.1 10000
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
root@filter:~# telnet 64.233.187.104 80
Trying 64.233.187.104...
Connected to 64.233.187.104.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

So as you can see, redirection does not work; however, direct connection does.

Anyone have an idea?

Thanks.

Jon

> On Tue, 12 Apr 2005, Jon Newman wrote:
>
>> Using DNAT, via this command, still nets the same result:
>> iptables -t nat -A PREROUTING -p tcp -s x.x.x.x/32 --dport 80 -j DNAT --to 216.90.3.137:8080
>
> As I said it is equivalent. REDIRECT only saves you from entering the IP
> (automatic).
>
>> Any other ideas? I can't believe this is so difficult, this should be
>> simple and straightforward...there must be something stupid I am
>> missing...PLEASE, anyone willing to point out my idiocy?
>
> Never ever had netfilter NAT fail on me.
>
> But if your intercepting router is running in "lollipop" mode (just one
> interface, next hop router on same interface as client station) then you
> may need disabling ICMP redirects.
>
> Regards
> Henrik
>

--
Jon Newman (jnewman@xxxxxxxxxx)
Systems Administrator/Software Engineer
The Optimal Link (http://www.oplink.net)