Hello.
I used the iptables command below on Debian but got an error:
$ sudo iptables -A INPUT -p tcp -j FORWARD --to-destination 172.30.10.11
iptables v1.4.14: unknown option "--to-destination"
Try `iptables -h' or 'iptables --help' for more information.
May I suggest the man page?
There is no target named FORWARD. There is however a FORWARD chain.
--to-destination is a parameter for the BALANCE and DNAT targets.
The suggested REDIRECT wouldn't work I guess. This is what the man page says:
Quote:
REDIRECT
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming interface (locally-generated packets are mapped to the 127.0.0.1 address). It takes one option:
--to-ports port[-port]
This specifies a destination port or range of ports to use: without this, the destination port is never altered. This is only valid if the rule also specifies -p tcp or -p udp.
Well, what exactly is it that you want to accomplish?
The INPUT chain in the filter table is for filtering incoming traffic only. If you wish to redirect incoming traffic to another host, that's called "network address translation" ("destination NAT" to be precise), so you'll need to use the PREROUTING chain in the nat table:
Thank you.
For example, when someone connects to me with Remote Desktop, I want their request forwarded to 172.30.10.11, which is a Windows machine. I guess the Remote Desktop port is 3389 on Windows, but how about "--dport"?
Quote:
I guess remote desktop port is 3389 on Windows but how about "--dport" ?
The --dport parameter is used to specify the destination port number of the original, un-NATed packet. You can use the same port number as the service you're redirecting the packet to, but it is also possible to use a different port.
You may want to add an input interface match (-i <interface>) to the PREROUTING rule and perhaps both an input and an output interface match (-i <interface> -o <interface>) to the FORWARD rule.
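Added example, not part of any post in this thread: a shell helper that prints the nat-table PREROUTING DNAT rule and the matching FORWARD rules discussed above, using the thread's 172.30.10.11 and port 3389. The interface names eth0 and eth1 and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). eth0/eth1 are assumed interface names;
# 172.30.10.11 and port 3389 are the values the poster gave.

is_ifname() {   # names are pasted into a command line, so whitelist them
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

is_port() {     # decimal 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {     # dotted quad, each octet 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dnat_rules WAN_IF LAN_IF DPORT DEST_IP DEST_PORT
# Prints the three rules instead of running them, so they can be reviewed.
dnat_rules() {
    wan_if=$1 lan_if=$2 dport=$3 dest_ip=$4 dest_port=$5
    is_ifname "$wan_if" && is_ifname "$lan_if" && is_port "$dport" &&
        is_port "$dest_port" && is_ipv4 "$dest_ip" || {
        echo "dnat_rules: invalid argument" >&2; return 1; }
    # nat/PREROUTING: rewrite the destination before the routing decision.
    # --dport matches the original, un-NATed packet.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $dport" \
         "-j DNAT --to-destination $dest_ip:$dest_port"
    # After DNAT the packet is routed, so the filter table sees it in FORWARD
    # (not INPUT), already carrying the rewritten address and port.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -p tcp -d $dest_ip" \
         "--dport $dest_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Replies from the internal host on their way back out.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -p tcp -s $dest_ip" \
         "--sport $dest_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

dnat_rules eth0 eth1 3389 172.30.10.11 3389
```

The rules only take effect if IP forwarding is enabled (net.ipv4.ip_forward=1), and the internal host must route its replies back through this machine.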