|
iptables redirect
Hi
i'm trying to redirect an ip to another ip with iptables.. but the rule don't work for the server my setup: 192.168.0.10 is my server/router 192.168.0.20, 21, 22, [...] get internet acces from 192.168.0.10... with this command, it's working for all my client: iptables -t nat -A PREROUTING -d 200.200.200.200 -j DNAT --to 192.168.0.10 but don't work on my server/router :( probably because my server don't use NAT ?! any idea ? i'm confused.. :P btw.. my server have only 1 network card thanks sorry for bad english.. |
I think what you want is the -j REDIRECT option instead.
|
Quote:
but in iptables manpage, it's write: "This target (-j REDIRECT) is only valid in the nat table" .. all rules that contain "-t nat" seem to have no effect on my iptables server.. and "-j REDIRECT" take port number as parameters.. idealy, i would like to forward all ports and all packets (tcp/udp/icmp...).. to another ip... :confused: |
What exactly are you trying to do? Where are you trying to redirect packets?
|
Quote:
all traffic should be redirected to a specific computer in my LAN.. (my server: 192.168.0.10) with this command, it's working for all my client: iptables -t nat -A PREROUTING -d 200.200.200.200 -j DNAT --to 192.168.0.10 but on my server (which have iptables running) .. 200.200.200.200 -> 200.200.200.200 (on internet) should be redirected to: 192.168.0.10.. (or 127.0.0.1.. because it's my iptables computer) so http://200.200.200.200/ ..should show: http://192.168.0.10 ping 200.200.200.200 ..should ping on: 192.168.0.10 |
i'm RTFM..
in NAT-HOWTO-4.html at the end: ******** If you want this rule to alter local connections as well (i.e., even on the NAT box itself, trying to telnet to 1.2.3.4's port 8080 will get you to 192.168.1.1's port 80), you can insert the same rule in the OUTPUT chain (which is for local outgoing packets): # Linux 2.4 iptables -A OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 8080 \ -j DNAT --to 192.168.1.1:80 ************ > iptables -A OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 8080 -j DNAT --to 192.168.1.1:80 Return: iptables: Invalid argument ?? :confused: idealy, i would like to do an: > iptables -A OUTPUT -t nat -p tcp -d 200.200.200.200 -j DNAT --to 192.168.0.10 Return: iptables: Invalid argument ?? :confused: > iptables --version iptables v1.2.9 any idea ? |
There shouldn't be a -t nat in there. My guess is it's a typo. Just remove -t nat and that should work, I think.
|
Quote:
:( with or without "-t nat" OUTPUT don't seem to work... i'm reading something about CONFIG_IP_NF_NAT_LOCAL=Y in kernel..... (http://groups.google.com/groups?hl=f....de%26rnum%3D9) |
after reading so many threads.. like this one:
http://groups.google.com/groups?q=%2...al.net&rnum=51 I must enable CONFIG_IP_NF_NAT_LOCAL=y in my kernel do you know how can I do this WITHOUT rebuild kernel... (for testing) i compile few kernel in the past.. with so many prob.... i don't want to fu*k my server |
The *ONLY* way to change kernel options is to perform a kernel compile.
|
Quote:
thanks for your help Matir i'll post my result maybe in fews days.. i'm not crazy.. i'm gonna use 'ghost.exe' before 'make' ;) |
LOL. Kernel recompiles aren't that bad. I do them quite regularly.
|
Quote:
but i remember.. with my P1 133MHz .. slackware distribution update kernel 1.2.1 to 1.2.2 at least 3 'make config' .. because i miss THE setting to change to 'yes' 3 hour for compile kernel... 1/2 hour for 'make intall' 3 days to find why module version don't match with kernel version (forget 'make modules') :rolleyes: |
LOL. Much better these days. Use 'make menuconfig' :)
|
Quote:
i suppose you already know about this.. but there is also 'make xconfig' for X |
| All times are GMT -5. The time now is 06:56 AM. |