snmptraps incoming on udp port 162 REDIRECT to 4162 not working?
Ben Russo
ben@umialumni.com
05 Nov 2002 11:16:29 -0500
Hi,
I have a server that performs many functions on a testing/lab network.
I don't really need a firewall, but I do want to restrict users from
having root access.
Sometimes users want to be able to bind a process to a low port like say
an snmptrap receiver to port 162, but the process needs privileges to do
that.
So I had the bright idea of using iptables to redirect the incoming
packets on the low port to a high port that the user's program can bind
to without problems.
I tried the following:
iptables -t nat -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162
The user started his program that bound to udp port 4162 (I could see it
while using netstat -nap ). But his program didn't receive anything?
tcpdump -n | egrep "snmptrap|162"
did show incoming snmptraps to port 162, but "icmp unreachable" replies
were sent back?
Any ideas on how to make this work?
Thanks in advance,
-Ben.