What's wrong with this iptables command?

Hi all,

I'm trying to set up some port forwarding with iptables. I want all
traffic directed at eth0's IP address (the public interface) on tcp/8080
to be redirected to an internal host on the same port. Here's what I've got:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
192.168.135.210:8080
iptables: Invalid argument

iptables is v1.2.8, Linux is 2.4.20. Which argument is invalid? What
have I done wrong?

thanks a lot,
alec
--

Alec Waters wrote on 14.11.2003 13:54:


> Hi all,
>
> I'm trying to set up some port forwarding with iptables. I want all
> traffic directed at eth0's IP address (the public interface) on tcp/8080
> to be redirected to an internal host on the same port. Here's what I've
> got:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
> 192.168.135.210:8080
> iptables: Invalid argument
>
> iptables is v1.2.8, Linux is 2.4.20. Which argument is invalid? What
> have I done wrong?

Shouldn't this be "DNAT --to-destination" instead of "DNAT --to"?

--
Walter

In article <3fb4d065$0$3148$(E-Mail Removed)>, Alec Waters <(E-Mail Removed)> wrote:
>Hi all,
>
>I'm trying to set up some port forwarding with iptables. I want all
>traffic directed at eth0's IP address (the public interface) on tcp/8080
>to be redirected to an internal host on the same port. Here's what I've got:
>
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
>192.168.135.210:8080
>iptables: Invalid argument
>
>iptables is v1.2.8, Linux is 2.4.20. Which argument is invalid? What
>have I done wrong?
>

Not sure but have the same probnlem.
In my case kernel required recompliation in order to implement NAT. I suspect
iptables requiers recompliation too. Investigating.

j131

In message <bpadrp$bpc$(E-Mail Removed)>, remove dot wrote:

> In article <3fb4d065$0$3148$(E-Mail Removed)>, Alec Waters
> <(E-Mail Removed)> wrote:
>>Hi all,
>>
>>I'm trying to set up some port forwarding with iptables. I want all
>>traffic directed at eth0's IP address (the public interface) on tcp/8080
>>to be redirected to an internal host on the same port. Here's what I've
>>got:
>>
>>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
>>192.168.135.210:8080
>>iptables: Invalid argument
>>
>>iptables is v1.2.8, Linux is 2.4.20. Which argument is invalid? What
>>have I done wrong?
>>
>
> Not sure but have the same probnlem.
> In my case kernel required recompliation in order to implement NAT. I
> suspect iptables requiers recompliation too. Investigating.
>
From the HOWTO:

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8080 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8080 \
-j DNAT --to $PORTFW:8080

You also need to sort out the return path with

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

The script variables are reasonably easy to work out, I think.

Dave
--
mail: da (E-Mail Removed) (without the space)
http://www.llondel.org/
So many gadgets, so little time...

In article <bpadrp$bpc$(E-Mail Removed)>, (E-Mail Removed) (remove dot) wrote:
>In article <3fb4d065$0$3148$(E-Mail Removed)>, Alec Waters
> <(E-Mail Removed)> wrote:
>>Hi all,
>>
>>I'm trying to set up some port forwarding with iptables. I want all
>>traffic directed at eth0's IP address (the public interface) on tcp/8080
>>to be redirected to an internal host on the same port. Here's what I've got:
>>
>>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to
>>192.168.135.210:8080
>>iptables: Invalid argument
>>
>>iptables is v1.2.8, Linux is 2.4.20. Which argument is invalid? What
>>have I done wrong?
>>
>
>Not sure but have the same probnlem.
>In my case kernel required recompliation in order to implement NAT. I suspect
>iptables requiers recompliation too. Investigating.
>

.. and confirming: after iptables recompilation with new kernel the "Invalid
argument" error is gone.

j131