[SLUG] iptables DNAT help required

2002-03-23 Thread Peter Rundle

Sluggers,

I'm playing around with DNAT on iptables but whenever I try to put
the rule in I just get an error "Invalid argument". I've looked at a
number of examples on the net and they all seem to be doing the same
thing that I am. Does anyone know if there is a version problem?
I've got kernel 2.4.7-10 and iptables 1.2.3-1

Basically I want to have my firewall allow http traffic through from
the outside world to a linux box on the internal net but this is
what happens..

# iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 80 -j DNAT --to 192.168.1.99
iptables: Invalid argument

Cluesticks?

Thanks

Pete



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug



Re: [SLUG] iptables DNAT help required

2002-03-23 Thread Crossfire

Peter Rundle was once rumoured to have said:
> Sluggers,
> 
> I'm playing around with DNAT on iptables but whenever I try to put
> the rule in I just get an error "Invalid argument". I've looked at a
> number of examples on the net and they all seem to be doing the same
> thing that I am. Does anyone know if there is a version problem? 
> I've got kernel 2.4.7-10 and iptables 1.2.3-1
> 
> Basically I want to have my firewall allow http traffic through from
> the outside world to a linux box on the internal net but this is
> what happens..
> 
> # iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 80 -j DNAT --to 192.168.1.99
> iptables: Invalid argument
> 
> Cluesticks?

s/POSTROUTING/PREROUTING/

DNAT has to be applied before a routing decision is made so the
packets can be routed correctly.

C.
-- 
--==--
  Crossfire  | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==--



Re: [SLUG] iptables DNAT help required

2002-03-24 Thread Daniel Stone

On Sun, Mar 24, 2002 at 07:12:52PM +1100, Crossfire wrote:
> Peter Rundle was once rumoured to have said:
> > # iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 80 -j DNAT --to 192.168.1.99
> > iptables: Invalid argument
> > 
> > Cluesticks?
> 
> s/POSTROUTING/PREROUTING/
> 
> DNAT has to be applied before a routing decision is made so the
> packets can be routed correctly.

Conversely, SNAT has to be applied in POSTROUTING.

-- 
Daniel Stone<[EMAIL PROTECTED]>
 OMFG ... yesterday's head hunter wants contact information for Linus
now that I told him he's probably the only person with 10 years of
continuous Linux experience ;)





Re: [SLUG] iptables DNAT help required

2002-03-24 Thread Peter Rundle

>s/POSTROUTING/PREROUTING/
>
>DNAT has to be applied before a routing decision is made so the
>packets can be routed correctly.

Hmmm, ok that makes sense. 'spose I should send a mail to the author
and let him know that his webpage is wrong (uh hmm "incorrect" :-)

Anyways the rule sticks now but I don't have successful connection
yet. Is there a way to log / watch the packets?

Do I need another matching rule to allow the return packets to be
reverse nat'd so that they go back out to the internet?

Thanks

Pete






Re: [SLUG] iptables DNAT help required

2002-03-24 Thread Peter Rundle


Oops,

Ignore that last question, I forgot to re-enable forwarding.

Doh!

But hey I love it when it's that easy.

Cheers

Pete
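
The three things this thread settles on (DNAT only before the routing decision, SNAT after it, and forwarding switched on), as an added example that is not part of any poster's message. The interface name eth0 and the function names are assumptions; the address and port are the ones from the original post.

```shell
# Added example, not from the thread. eth0 and the function names are
# assumptions; 192.168.1.99 and port 80 are the values from the original post.

# nat_chain_ok CHAIN TARGET: is TARGET accepted in CHAIN of the nat table?
# (Kernels newer than the thread's 2.4 also accept SNAT in INPUT.)
nat_chain_ok() {
    case "$2:$1" in
        DNAT:PREROUTING|DNAT:OUTPUT|REDIRECT:PREROUTING|REDIRECT:OUTPUT) return 0 ;;
        SNAT:POSTROUTING|SNAT:INPUT|MASQUERADE:POSTROUTING) return 0 ;;
    esac
    return 1
}

# lint_rule ARGS...: check the arguments that would follow "iptables"; prints "ok" or why not.
lint_rule() {
    table=filter chain='' target='' prev=''
    for arg in "$@"; do
        case "$prev" in
            -t)    table=$arg ;;
            -A|-I) chain=$arg ;;
            -j)    target=$arg ;;
        esac
        prev=$arg
    done
    case "$target" in DNAT|SNAT|MASQUERADE|REDIRECT)
        [ "$table" = nat ] || { echo "$target requires -t nat"; return 1; }
        nat_chain_ok "$chain" "$target" || { echo "$target is not valid in $chain"; return 1; } ;;
    esac
    echo ok
}

# forwarding_enabled [FILE]: true when the kernel forwards between interfaces.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Rule set for the thread's goal, printed for review rather than applied.
# The nat table sees only the first packet of a connection, so LOG records new
# connections; conntrack reverses the DNAT on replies, so no second nat rule.
port_forward_rules() {
    cat <<'EOF'
-t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j LOG --log-prefix "DNAT80: "
-t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.99
-A FORWARD -p tcp -d 192.168.1.99 --dport 80 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

Passing the original post's arguments to `lint_rule` prints `DNAT is not valid in POSTROUTING`.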

