Temporary redirection with DNAT and SNAT (nfcan: addressed to exclusive sender for this address)

Jim Laurino nfcan.x.jimlaur at dfgh.net
Wed Apr 27 04:36:13 CEST 2005


On 2005.04.26 13:13, Kirk - whereisgui at gmail.com wrote:
> Hello,
> 
> I have to shut down a proxy server for a few days and I need to
> redirect its traffic to a server behind an iptables firewall. Here's
> what I want to do:
>
snip
> 
> But I'm having problems with the second part. The SNAT rule:
> -I POSTROUTING -s 192.168.0.3 --sport 2050  -o eth0 -j SNAT --to
> 130.17.174.108
> 
> #This one seems OK too.
> -A PREROUTING -i eth0 -p tcp -d $PUBLIC_IP --dport  80 -j DNAT --to
> $PRIVATE_IP:2050
> 
> 
> The SNAT rule generates the error:
> Applying iptables firewall rules: iptables-restore v1.2.11: Unknown
> arg `--sport'

I think the difference is that the SNAT rule does not
specify the protocol the way the DNAT rule does ( -p tcp ).
You can only specify a source port for a
protocol that uses the concept of a "port".

> 
> Could someone provide help to solve this problem?
>

HTH

-- 
Jim Laurino
nfcan.x.jimlaur at dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
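
The point made in the reply above can be checked before a ruleset is loaded. This is an added example, not part of the original message: the function names `lint_port_rules` and `sample_rules` are hypothetical, and the sample ruleset is constructed from the rules quoted in the thread, plus a variant of the SNAT rule with `-p tcp` added.

```shell
#!/bin/sh
# Lint iptables-restore style rules: --sport/--dport are only understood
# once a port-capable protocol has been selected with -p earlier in the rule.

# Reads rules on stdin; prints "LINE: rule" for each rule that uses a port
# match without a preceding -p tcp|udp|udplite|sctp|dccp.
# Assumption: protocols are given by name; numeric or negated protocol
# values are reported so they can be reviewed by hand.
lint_port_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        proto = ""; bad = 0
        for (i = 1; i <= NF; i++) {
            if (($i == "-p" || $i == "--protocol") && i < NF)
                proto = tolower($(i + 1))
            # Option order matters: judge the port match against the
            # protocol seen so far, not one that appears later in the rule.
            if ($i ~ /^--(sport|dport|source-port|destination-port)$/ &&
                proto !~ /^(tcp|udp|udplite|sctp|dccp)$/)
                bad = 1
        }
        if (bad) printf "%d: %s\n", NR, $0
    }'
}

# Constructed sample: line 2 is the DNAT rule from the thread, line 3 the
# failing SNAT rule, line 4 the same SNAT rule with -p tcp added.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -d $PUBLIC_IP --dport 80 -j DNAT --to $PRIVATE_IP:2050
-I POSTROUTING -s 192.168.0.3 --sport 2050 -o eth0 -j SNAT --to 130.17.174.108
-I POSTROUTING -p tcp -s 192.168.0.3 --sport 2050 -o eth0 -j SNAT --to 130.17.174.108
COMMIT
EOF
}

# Stand-alone run: report offending rules in the sample.
sample_rules | lint_port_rules
```

Only line 3 of the sample is reported; the DNAT rule and the SNAT rule that names the protocol before `--sport` pass.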


