redirect doesn't seem to work?
Sat, 9 Nov 2002 12:57:24 +0000
On Tuesday 05 November 2002 4:41 am, Ben Russo wrote:
> Have a UNIX server. User wants to write programs to receive SNMPTraps.
> I *thought* I could redirect incoming traffic to port 162 to a high
> port, (like 4162) where the user could have his programs receive the
> messages with no special privileges?
> Anyway, a completely normal box, no special firewalling rules....
> The only rule I create is:
> iptables -t nat -A POSTROUTING -p udp -m udp --dport 162 -j REDIRECT
> --to-ports 4162
> Now, the user starts his program that binds to udp port 4162 ( I can see
> it with "netstat -nap" ) but he doesn't see any packets coming in.
> I run tcpdump -n | grep snmptrap and I see packets coming from the
> network to the server on udp port 162, and the server sending back icmp
> unreachable packets back to the sources??
> Why doesn't the redirect work?
Is this rule on the machine sending the SNMP traps, or the machine receiving
If it's on the sender, then the problem is that REDIRECT changes the
destination address to the machine the rule is on, therefore it will not get
to the destination.
If it's on the receiver, then the problem is that you've put the rule in the
POSTROUTING chain, which is not traversed by incoming packets, so they never
see the rule.
From the description above in your first paragraph it sounds like you want to
run the netfilter rule on the machine which is receiving the traps, so try
iptables -A PREROUTING -t nat -p udp --dport 162 -j REDIRECT --to 4162
There are only 10 types of people in the world:
those who understand binary notation,
and those who don't.
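As an added illustration of the chain-placement point made in the reply (not part of the original thread), the shell snippet below checks which nat chain a REDIRECT rule has been put in and rewrites a POSTROUTING rule into the PREROUTING form; the two rule strings are the ones from the thread, and the function names are my own.

```shell
#!/bin/sh
# Constructed check for where a nat REDIRECT rule sits. REDIRECT only
# makes sense in chains traversed *before* routing: PREROUTING for
# packets arriving from the network, OUTPUT for locally generated ones.
# A REDIRECT in POSTROUTING is never seen by inbound traps, so port 162
# stays closed and the kernel answers with ICMP port unreachable.

# Return 0 if the rule's chain can redirect inbound traffic, 1 if it
# cannot, 2 if the rule is not a REDIRECT rule at all.
redirect_chain_ok() {
    rule="$1"
    case "$rule" in
        *-j\ REDIRECT*) ;;
        *) return 2 ;;
    esac
    # the chain name follows -A or -I, wherever "-t nat" appears
    chain=$(printf '%s\n' "$rule" | sed -n 's/.*-[AI] \([A-Z]*\).*/\1/p')
    case "$chain" in
        PREROUTING|OUTPUT) return 0 ;;
        *) return 1 ;;
    esac
}

# Rewrite a misplaced POSTROUTING REDIRECT into its PREROUTING form.
fix_redirect_rule() {
    printf '%s\n' "$1" | sed 's/-A POSTROUTING/-A PREROUTING/; s/-I POSTROUTING/-I PREROUTING/'
}

# The two rules from the thread: the one that did not work and the fix.
bad='iptables -t nat -A POSTROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162'
good='iptables -A PREROUTING -t nat -p udp --dport 162 -j REDIRECT --to 4162'

# After loading the rule, "iptables -t nat -L PREROUTING -n -v" shows
# per-rule packet counters; a counter that stays at zero while tcpdump
# shows traps arriving means the rule is still in the wrong place.
```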