iptables: DNAT + user defined chains

Discussion in 'Linux Networking' started by Jan Kanty Palus, Mar 5, 2004.

  1. My firewall configuration consists of many rules which redirect some
    ports on my server to particular hosts in lan. I wanted to reduce them
    so I tried to do something like this:

    iptables -t nat -N new
    iptables -t -A PREROUTING -i ethX -p tcp --dport <port>:<port> -j new

    and in chain 'new' redirect port to right machine. The problem is that
    in chain 'new' I have no option '--to-destination'. Is it possible to do
    this or where can I find some info about it?
    Jan Kanty Palus, Mar 5, 2004
  2. jack Guest

    Just for clarification:

    Should the second line not start with:
    iptables -t _nat_ -A PREROUTING

    Please make yourself clear here.

    Cheers, Jack.
    jack, Mar 5, 2004
  3. Just for clarification:
    Oh it was just a mistake in writing the post, but I found out
    there was another mistake in writing rules... I tried to put
    '--to <ip>' option in my user-defined chain rule, before I
    gave a target '-j DNAT' so iptables didn't know anything about
    it, and gave an error. Now everything works fine, sorry for
    problem and thanks for reply.
    Jan Kanty Palus, Mar 6, 2004
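    The setup the thread converges on, written out as an added example (not code from any poster): a user-defined chain in the nat table holding the per-port DNAT rules, with PREROUTING handing a port range off to it. The interface name, port map and LAN addresses are constructed; the IPT variable lets the rules be printed instead of applied.

```shell
#!/bin/sh
# Added example, not from the thread. Port-forwarding table driven through a
# user-defined chain in the nat table. Set IPT=echo to print rules instead of
# applying them; WAN_IF, PORTMAP and the addresses are constructed values.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"

# Constructed port map: "<external dport> <lan-host>:<port>", one entry per line.
PORTMAP='22 192.168.1.10:22
80 192.168.1.20:80
8080 192.168.1.20:80'

# setup_forwarding <chain> <dport-range>
# Creates (or flushes) the chain in the nat table, fills it with one DNAT rule
# per map entry, then sends the given port range from PREROUTING into it.
setup_forwarding() {
    chain="$1"
    range="$2"
    # The table must be given as "-t nat"; a bare "-t" is the typo from post #1.
    $IPT -t nat -N "$chain" 2>/dev/null || $IPT -t nat -F "$chain"
    printf '%s\n' "$PORTMAP" | while read -r dport dest; do
        [ -n "$dport" ] || continue
        # --to-destination is an option of the DNAT target, so it is only
        # valid after "-j DNAT" (the ordering mistake from post #3).
        $IPT -t nat -A "$chain" -p tcp --dport "$dport" \
            -j DNAT --to-destination "$dest"
    done
    # Hand off the whole range; anything not matched inside the chain simply
    # returns to PREROUTING and is not rewritten.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$range" -j "$chain"
}

# DNAT alone only rewrites the destination; forwarding must be enabled and
# the FORWARD chain must accept the rewritten traffic for it to reach the LAN.
if [ "${1:-}" = "apply" ]; then
    setup_forwarding fwd 20:8080
fi
```

Run with `sh script.sh apply` as root to load the rules, or `IPT=echo sh script.sh apply` to review them first.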
