On Monday 06 May 2002 11:05 pm, Rick Stewart wrote:

> > > > Can you REDIRECT in the FORWARD chain in the filter table?
> > >
> > > Nope, same errors.
> >
> > This was not a question but the solution...
> > Read the fine manuals.
>
> $ iptables -t filter -A FORWARD -s 206.168.119.1 -p tcp --dport 80 \
>     -j REDIRECT --to-port 3128
>
> iptables: Invalid argument
>
> $ iptables -t filter -I FORWARD 1 -s 206.168.119.1 -p tcp --dport 80 \
>     -j REDIRECT --to-port 3128
>
> iptables: Target problem
>
> So, no, I can't.

This is because REDIRECT is a form of address translation - it affects the TCP port numbers instead of the IP address, but it's still making a change which is only allowed in the NAT table.

Since there is no NAT hook available in the FORWARD chain, you can't do what you're trying to do, in the way you're trying to do it.

Try putting the rule into PREROUTING with -t nat and you should be able to get somewhere.....

Antony
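
Added example (not part of the original message): a small shell lint that reads an `iptables-save` style ruleset and flags REDIRECT rules placed outside the nat table, the restriction explained above. It goes slightly beyond the message by also accepting the nat OUTPUT chain, where iptables likewise permits REDIRECT; the sample ruleset is constructed and the function names `sample_rules` and `check_redirect_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: lint an iptables-save style ruleset for REDIRECT rules placed
# where the kernel rejects them (as in the thread: -t filter, chain FORWARD).

# Constructed sample ruleset; the first REDIRECT rule mirrors the failing command.
sample_rules() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 206.168.119.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A FORWARD -p tcp -m tcp --dport 23 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 206.168.119.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

# Reads a ruleset on stdin and prints one verdict line per REDIRECT rule.
check_redirect_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" opens the nat section
        /^-A / {
            chain = $2; hit = 0
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "REDIRECT") hit = 1
            if (!hit) next
            if (table != "nat")
                verdict = "BAD"      # port rewriting is NAT: only the nat table allows it
            else if (chain == "PREROUTING" || chain == "OUTPUT")
                verdict = "OK"
            else if (chain == "POSTROUTING" || chain == "INPUT")
                verdict = "BAD"      # nat built-in chains that do not accept REDIRECT
            else
                verdict = "CHECK"    # user chain: valid only if reached from PREROUTING/OUTPUT
            printf "%s table=%s chain=%s\n", verdict, table, chain
        }'
}

sample_rules | check_redirect_rules
```
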
