iptables: DNAT + user defined chains

My firewall configuration consist of many rules which redirect some
ports on my server to particular hosts in lan. I wanted to reduce them
so I tried to do something like this:

iptables -t nat -N new
iptables -t -A PREROUTING -i ethX -p tcp --dport <port>:<port> -j new

and in chain 'new' redirect port to right machine. The problem is that
in chain 'new' i have no option '--to-destination'. Is it possible to do
this or where can i find some info about it?

Jan Kanty Palus wrote:

> iptables -t nat -N new
> iptables -t -A PREROUTING -i ethX -p tcp --dport <port>:<port> -j new

Just for clarification:

Should the second line not start with:
iptables -t _nat_ -A PREROUTING

Please make Yourself clear here.


Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

> Just for clarification:
>
> Should the second line not start with:
> iptables -t _nat_ -A PREROUTING
>
> Please make Yourself clear here.
>

Oh it was just a mistake in writing the post, but I found out
there was another mistake in writing rules... I tried to put
'--to <ip>' option in my user-defined chain rule, before I
gave a target '-j DNAT' so iptables didn't know antything about
it, and gave an error. Now everything works fine, sorry for
problem and thanks for reply.