Redirecting internal tcp connections

Taylor, Grant gtaylor at riverviewtech.net
Fri Apr 15 22:17:26 CEST 2005


> You have to do this in the nat table and the prerouting or
> output chain, and you should use DNAT instead of REDIRECT,
> because REDIRECT is for packets with destination your own
> machine. So we have:
> 
> iptables -t nat -A PREROUTING -p tcp --dport 515 -j DNAT --to-destination remotehost.com:900

I would suggest that you add a destination match as well so that you don't blindly redirect traffic destined to any system's LPD port.  I.e. make your IPTables line look like this:

iptables -t nat -A PREROUTING -p tcp -d remotehost.com --dport 515 -j DNAT --to-destination remotehost.com:900



Grant. . . .
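As an added example (not part of the thread above, and not anything the netfilter project ships), the following POSIX shell script does two things: it builds the narrowed DNAT rule from variables so the host and ports are visibly placeholders, and it audits an `iptables-save`-style dump for nat-table DNAT rules that carry no `-d`/`--destination` match, which is exactly the "blind redirect" the reply warns about. The hostname, ports and the sample dump are constructed for the demo; real `iptables-save` output shows resolved addresses rather than hostnames.

```shell
#!/bin/sh
# Added example, not the poster's own script.
# (1) dnat_rule prints the hardened PREROUTING rule with an original-destination match.
# (2) find_blind_dnat scans iptables-save output on stdin for DNAT rules without -d,
#     i.e. rules that rewrite every connection to that port no matter where it was going.

PRINTER_HOST="remotehost.com"   # placeholder for the original destination (assumption)
LPD_PORT=515                    # port clients connect to
NEW_PORT=900                    # port the service really listens on

# Emit the narrowed rule as a string; run it on the firewall or pipe it to sh.
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$PRINTER_HOST" "$LPD_PORT" "$PRINTER_HOST" "$NEW_PORT"
}

# Print each DNAT rule (iptables-save format, from stdin) that has no
# -d / --destination match.  Returns 1 if any such rule was found, else 0.
find_blind_dnat() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            -A*"-j DNAT"*)
                case "$line" in
                    *" -d "*|*" --destination "*) ;;            # has a destination match: fine
                    *) printf 'blind DNAT: %s\n' "$line"; found=1 ;;
                esac ;;
        esac
    done
    return $found
}

# Number of blind DNAT rules in a dump passed as $1 (handy for scripts and tests).
count_blind_dnat() {
    printf '%s\n' "$1" | find_blind_dnat | wc -l | tr -d ' '
}

# Constructed sample of `iptables-save -t nat` output: the first rule is the
# blind one from the thread, the second carries the destination match.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 515 -j DNAT --to-destination 192.0.2.10:900
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 515 -j DNAT --to-destination 192.0.2.10:900
COMMIT'

# Usage: show the hardened rule, then audit the sample dump.
dnat_rule
printf '%s\n' "$SAMPLE_NAT" | find_blind_dnat
```

On a live box the audit runs as `iptables-save -t nat | find_blind_dnat` (after sourcing the script); a non-zero exit means at least one DNAT rule would rewrite traffic destined for any host on that port.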
