On Mon, May 06, 2002 at 11:21:22PM +0100, Antony Stone wrote:
> On Monday 06 May 2002 11:05 pm, Rick Stewart wrote:
>
> > > > > Can you REDIRECT in the FORWARD chain in the filter table?
> > > >
> > > > Nope, same errors.
> > >
> > > This was not a question but the solution...
> > > Read the fine manuals.
> >
> > $ iptables -t filter -A FORWARD -s 206.168.119.1 -p tcp --dport 80 \
> >     -j REDIRECT --to-port 3128
> >
> > iptables: Invalid argument
> >
> > $ iptables -t filter -I FORWARD 1 -s 206.168.119.1 -p tcp --dport 80 \
> >     -j REDIRECT --to-port 3128
> >
> > iptables: Target problem
> >
> > So, no, I can't.
>
> This is because REDIRECT is a form of address translation - it affects the
> TCP port numbers instead of the IP address, but it's still making a change
> which is only allowed in the NAT table.  Since there is no NAT hook
> available in the FORWARD chain, you can't do what you're trying to do, in the
> way you're trying to do it.
>
> Try putting the rule into PREROUTING with -t nat and you should be able to
> get somewhere.....

Still no go -- exact same errors when I do the above commands
s/filter/nat/; s/FORWARD/PREROUTING/...  I've been battling this
all day, and I tried that one too.  Strange, no?

Rick
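
The placement rule Antony describes, as an added example that is not part of the original thread: a shell function that parses an iptables command line and reports whether a REDIRECT rule sits where the nat table accepts it. The name `check_redirect` is made up for this example, OUTPUT as a second valid chain comes from the iptables documentation rather than from the thread, and the check covers placement only, not whether the running kernel provides the nat table or the REDIRECT target.

```shell
#!/bin/sh
# Added example: static placement check for the REDIRECT target.
# It only parses text; it never calls iptables or touches the kernel.

# check_redirect "<iptables command line>"
# Prints a verdict; returns 1 if REDIRECT is used where it cannot work.
check_redirect() {
    table=filter chain= target= prev=   # iptables uses "filter" when -t is absent
    set -f                              # split on whitespace without globbing
    for word in $1; do
        case $prev in
            -t|--table)              table=$word ;;
            -A|--append|-I|--insert) chain=$word ;;
            -j|--jump)               target=$word ;;
        esac
        prev=$word
    done
    set +f
    if [ "$target" != REDIRECT ]; then
        echo "n/a"; return 0
    fi
    if [ "$table" != nat ]; then
        echo "misplaced: REDIRECT needs -t nat, rule is in table $table"
        return 1
    fi
    case $chain in
        PREROUTING|OUTPUT) echo "ok" ;;
        INPUT|FORWARD|POSTROUTING)
            echo "misplaced: REDIRECT is not valid in nat chain $chain"
            return 1 ;;
        *)  # user-defined chain: valid only if reached from PREROUTING/OUTPUT
            echo "unverified: check which built-in chain jumps to $chain" ;;
    esac
}

# Sample input: the thread's rule joined onto one line, then the suggested form.
while IFS= read -r rule; do
    printf '%s\n  -> %s\n' "$rule" "$(check_redirect "$rule")"
done <<'EOF'
iptables -t filter -A FORWARD -s 206.168.119.1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -s 206.168.119.1 -p tcp --dport 80 -j REDIRECT --to-port 3128
EOF
```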
