iptables: can't set any ip address in rules
Salim
salim.si at askey.com.tw
Mon Sep 5 08:53:13 CEST 2005
> Hello all,
> I am not able to set any rule that contains an IP address in iptables.
> For example I give this command
>
>>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
           ^^^^^^^^^^^^^^^^
           -t nat -A PREROUTING
You forgot "nat" after -t. Is that a typo or is this the actual rule you
are using?
[Salim] Sorry, that was a typo. The actual rule includes -t nat.
> then, I issue the command >iptables -t nat -L.
>
> the result is
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       all  --  anywhere             0.0.0.0             to:0.0.0.0
You just added a PREROUTING rule, and now you're checking if a POSTROUTING
rule is correct...
Furthermore: POSTROUTING doesn't have DNAT (it has SNAT), so the results of
"iptables -t nat -L" are probably not copy-and-pasted.
[Salim] Again, it was another typo. It is the PREROUTING chain. My Linux is on
another machine, so I couldn't copy and paste. I typed it in manually.
> I gave the command with verbose
>>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
>
> it showed
> DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0
Again: -t nat
...
> I am confused. Any help will be greatly appreciated.
Don't know if it will solve your problem, but:
- use "-t nat", not just "-t"
- check the chain you're adding a rule to (if it's PREROUTING, check
PREROUTING, not POSTROUTING)
Gr,
Rob