buzzer wrote:
>> I'm trying to get all packets coming from localhost and going to a
>> specific host be redirected to go to my own localhost (don't know
>> whether I put it correctly - not native)
>> I've tried;
>> iptables -t nat -A OUTPUT -p all -d specific_ip -j REDIRECT
>> and:
>> iptables -t nat -A OUTPUT -p all -d specific_ip -j DNAT --to-destination 127.0.0.1
>> but they don't seem to work. I don't know what I am doing wrong
>> Does anyone have any idea?
>> Thanks in advance!
>
> There's no OUTPUT in nat !!
>
> only PREROUTING, FORWARD and POSTROUTING !
>
??
For example:
"The NAT code allows you to insert DNAT rules in the OUTPUT chain, but
this is not fully supported in 2.4 (it can be, but it requires a new
configuration option, some testing, and a fair bit of coding, so unless
someone contracts Rusty to write it, I wouldn't expect it soon).
The current limitation is that you can only change the destination to
the local machine (e.g. `-j DNAT --to 127.0.0.1'), not to any other
machine, otherwise the replies won't be translated correctly."
Some other tutorials also talk about OUTPUT in nat, but not
thoroughly enough.
Besides, I have 2.6. Maybe this is still a bug or something?
> if you want to redirect to localhost (like a transparent pop3 gateway
> for antivirus) you should put your rule in PREROUTING.
> don't forget to limit this rule to your localnet or to the card that's
> in your lan !
I've done it already for all (iptables -t nat -A PREROUTING -p all -d
specific_ip -j REDIRECT), because I really want to DNAT to localhost all
packets going to a specific IP. But so far it only works for connections
from the local net and doesn't want to NAT packets from localhost.
Any other clue?
--
M3ntos
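The two cases discussed in this thread (locally generated packets, which never pass PREROUTING and must be caught in nat OUTPUT, and packets from LAN hosts, which do pass PREROUTING), written out as one script. This is an added example, not code from the thread or from the netfilter project. The placeholder address 203.0.113.10 stands in for "specific_ip", the interface name eth0 and the IPTABLES variable (set it to "echo" to dry-run without root or netfilter) are assumptions, and the script makes no claim about why the poster's OUTPUT rule did not match.

```shell
#!/bin/sh
# Added example, not code from the thread. Rules for sending traffic bound
# for one IP to a service on 127.0.0.1, with a dry-run mode and a counter
# check. Assumptions not present in the original post:
#   TARGET   the thread's "specific_ip"; 203.0.113.10 is a placeholder
#   LAN_IF   the LAN-facing interface the reply says to restrict the rule to
#   IPTABLES the iptables binary; "echo" dry-runs without root or netfilter
set -eu

IPTABLES=${IPTABLES:-iptables}
TARGET=${TARGET:-203.0.113.10}
LAN_IF=${LAN_IF:-eth0}

# Rule specs live in one place so -A (add) and -D (delete) stay in sync.
# Locally generated packets never pass PREROUTING; they hit nat OUTPUT.
# The NAT HOWTO quoted in the thread allows DNAT there only when the new
# destination is the local machine, which 127.0.0.1 satisfies.
# (-p all is the default, so no protocol match is needed.)
local_rule_spec() {
    echo "OUTPUT -d $TARGET -j DNAT --to-destination 127.0.0.1"
}

# Packets from LAN hosts arrive through PREROUTING. REDIRECT rewrites the
# destination to the address of the interface the packet came in on, and
# -i keeps the rule from hijacking traffic arriving on other interfaces.
lan_rule_spec() {
    echo "PREROUTING -i $LAN_IF -d $TARGET -j REDIRECT"
}

# Word splitting of the unquoted spec is intended: each word is an argument.
add_rules() {
    $IPTABLES -t nat -A $(local_rule_spec)
    $IPTABLES -t nat -A $(lan_rule_spec)
}

del_rules() {
    $IPTABLES -t nat -D $(local_rule_spec)
    $IPTABLES -t nat -D $(lan_rule_spec)
}

# NAT is decided on the first packet of a connection, so a rule whose
# packet counter stays at 0 has simply seen no new connection to TARGET
# since it was added; connections that were already open keep their
# original destination. -v shows the counters, -n skips DNS lookups.
show_counters() {
    $IPTABLES -t nat -L OUTPUT -v -n
    $IPTABLES -t nat -L PREROUTING -v -n
}

case "${1:-dry-run}" in
    apply)   add_rules ;;
    remove)  del_rules ;;
    check)   show_counters ;;
    dry-run) IPTABLES=echo; add_rules ;;
    *)       echo "usage: $0 [apply|remove|check|dry-run]" >&2; exit 2 ;;
esac
```

Run it with no argument to print the rules it would add; `apply` and `remove` need root, and `check` is the first thing to look at when a redirect "doesn't work": if the OUTPUT rule's packet counter is zero, the locally generated packets are not reaching that rule (or no new connection has been opened since it was added), which is a different problem from the rule matching but the reply not being translated back.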