Old 07-27-2005, 08:08 PM   #1
patvrs
LQ Newbie
 
Registered: Jul 2005
Posts: 12

Rep: Reputation: 0
iptables redirect


Hi
I'm trying to redirect an IP to another IP with iptables..
but the rule doesn't work for the server

my setup:
192.168.0.10 is my server/router
192.168.0.20, 21, 22, [...] get internet access from 192.168.0.10...

with this command, it's working for all my clients:
iptables -t nat -A PREROUTING -d 200.200.200.200 -j DNAT --to 192.168.0.10
but it doesn't work on my server/router
probably because my server doesn't use NAT ?!
any idea ?
I'm confused.. :P

btw.. my server has only 1 network card

thanks
sorry for bad English..
 
Old 07-27-2005, 09:12 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
I think what you want is the -j REDIRECT option instead.
 
Old 07-28-2005, 07:42 AM   #3
patvrs
Quote:
Originally posted by Matir
I think what you want is the -j REDIRECT option instead.

thanks for the reply

but in the iptables manpage, it's written: "This target (-j REDIRECT) is only valid in the nat table" ..

all rules that contain "-t nat" seem to have no effect on my iptables server..
and "-j REDIRECT" takes port numbers as parameters.. ideally, I would like to forward all ports and all packets (tcp/udp/icmp...).. to another IP...

 
Old 07-28-2005, 09:05 AM   #4
Matir
What exactly are you trying to do? Where are you trying to redirect packets?
 
Old 07-28-2005, 09:23 AM   #5
patvrs
Quote:
Originally posted by Matir
What exactly are you trying to do? Where are you trying to redirect packets?

if someone tries to go to this IP: 200.200.200.200
all traffic should be redirected to a specific computer in my LAN.. (my server: 192.168.0.10)

with this command, it's working for all my clients:
iptables -t nat -A PREROUTING -d 200.200.200.200 -j DNAT --to 192.168.0.10

but on my server (which has iptables running) .. 200.200.200.200 -> 200.200.200.200 (on internet)
should be redirected to: 192.168.0.10.. (or 127.0.0.1.. because it's my iptables computer)

so
http://200.200.200.200/ ..should show: http://192.168.0.10
ping 200.200.200.200 ..should ping: 192.168.0.10
 
Old 07-28-2005, 11:05 AM   #6
patvrs
I'm RTFMing..
in NAT-HOWTO-4.html
at the end:
********
If you want this rule to alter local connections as well (i.e., even on the NAT box itself, trying to telnet to 1.2.3.4's port 8080 will get you to 192.168.1.1's port 80), you can insert the same rule in the OUTPUT chain (which is for local outgoing packets):

# Linux 2.4
iptables -A OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 8080 \
-j DNAT --to 192.168.1.1:80
************

> iptables -A OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 8080 -j DNAT --to 192.168.1.1:80
Return: iptables: Invalid argument ??

ideally, I would like to do:
> iptables -A OUTPUT -t nat -p tcp -d 200.200.200.200 -j DNAT --to 192.168.0.10
Return: iptables: Invalid argument ??

> iptables --version
iptables v1.2.9

any idea ?
 
Old 07-28-2005, 11:56 AM   #7
Matir
There shouldn't be a -t nat in there. My guess is it's a typo. Just remove -t nat and that should work, I think.
 
Old 07-28-2005, 12:02 PM   #8
patvrs
Quote:
Originally posted by Matir
There shouldn't be a -t nat in there. My guess is it's a typo. Just remove -t nat and that should work, I think.

iptables: Invalid argument

with or without "-t nat" OUTPUT doesn't seem to work...

I'm reading something about CONFIG_IP_NF_NAT_LOCAL=Y in the kernel.....
(http://groups.google.com/groups?hl=f....de%26rnum%3D9)
 
Old 07-28-2005, 12:27 PM   #9
patvrs
after reading so many threads.. like this one:
http://groups.google.com/groups?q=%2...al.net&rnum=51

I must enable CONFIG_IP_NF_NAT_LOCAL=y in my kernel

do you know how I can do this WITHOUT rebuilding the kernel...
(for testing)

I compiled a few kernels in the past.. with so many problems....
I don't want to fu*k my server
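
Added example, not part of the original thread or any poster's code: locally generated packets pass through the nat table's OUTPUT chain rather than PREROUTING, which is why the PREROUTING rule works for the clients but not on the router itself. This script checks a kernel config for CONFIG_IP_NF_NAT_LOCAL (the option named in the post above) and prints the matching pair of rules; the function names and sample config files are constructed for illustration, and it assumes a kernel of the thread's era that still carries this option.

```shell
#!/bin/sh
# Added example (not from the thread). The PREROUTING rule only sees packets
# arriving from other hosts; connections opened on the router itself need a
# second DNAT rule in the nat OUTPUT chain.

# Print "y" if CONFIG_IP_NF_NAT_LOCAL=y is present in the given kernel config
# (plain text, or gzip such as /proc/config.gz), "n" otherwise.
nat_local_enabled() {
    cfg=$1
    [ -r "$cfg" ] || { echo n; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    if $reader "$cfg" | grep -q '^CONFIG_IP_NF_NAT_LOCAL=y$'; then
        echo y
    else
        echo n
    fi
}

# Print the DNAT rules for one redirect. The OUTPUT rule is only emitted when
# the kernel config says NAT of local connections is available.
dnat_rules() {
    orig=$1 new=$2 cfg=$3
    echo "iptables -t nat -A PREROUTING -d $orig -j DNAT --to-destination $new"
    if [ "$(nat_local_enabled "$cfg")" = y ]; then
        echo "iptables -t nat -A OUTPUT -d $orig -j DNAT --to-destination $new"
    else
        echo "# OUTPUT rule skipped: CONFIG_IP_NF_NAT_LOCAL not set in $cfg"
    fi
}

# Constructed sample configs standing in for the server's real kernel config.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'CONFIG_IP_NF_NAT=m' '# CONFIG_IP_NF_NAT_LOCAL is not set' > "$tmp/without"
printf '%s\n' 'CONFIG_IP_NF_NAT=m' 'CONFIG_IP_NF_NAT_LOCAL=y' > "$tmp/with"

dnat_rules 200.200.200.200 192.168.0.10 "$tmp/without"
dnat_rules 200.200.200.200 192.168.0.10 "$tmp/with"
```

On a real system, pass the config file of the running kernel instead of the sample files and review the printed rules before applying them as root.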
 
Old 07-28-2005, 12:32 PM   #10
Matir
The *ONLY* way to change kernel options is to perform a kernel compile.
 
Old 07-28-2005, 12:36 PM   #11
patvrs
Quote:
Originally posted by Matir
The *ONLY* way to change kernel options is to perform a kernel compile.

thanks for your help Matir

I'll post my result
maybe in a few days.. I'm not crazy.. I'm gonna use 'ghost.exe' before 'make'

Last edited by patvrs; 07-28-2005 at 12:38 PM.
 
Old 07-28-2005, 12:51 PM   #12
Matir
LOL. Kernel recompiles aren't that bad. I do them quite regularly.
 
Old 07-28-2005, 01:03 PM   #13
patvrs
Quote:
Originally posted by Matir
LOL. Kernel recompiles aren't that bad. I do them quite regularly.

thanks for your positive energy

but I remember.. with my P1 133MHz ..
slackware distribution
update kernel 1.2.1 to 1.2.2
at least 3 'make config' .. because I missed THE setting to change to 'yes'
3 hours to compile the kernel...
1/2 hour for 'make install'
3 days to find why the module version didn't match the kernel version (forgot 'make modules')

 
Old 07-28-2005, 01:08 PM   #14
Matir
LOL. Much better these days. Use 'make menuconfig'
 
Old 07-28-2005, 01:11 PM   #15
patvrs
Quote:
Originally posted by Matir
LOL. Much better these days. Use 'make menuconfig'

LOL..

I suppose you already know about this.. but there is also 'make xconfig' for X
 
  

