Temporary redirection with DNAT and SNAT (nfcan: addressed to exclusive sender for this address)

Jim Laurino nfcan.x.jimlaur at dfgh.net
Wed Apr 27 04:36:13 CEST 2005

On 2005.04.26 13:13, Kirk - whereisgui at gmail.com wrote:
> Hello,
> I have to shut down a proxy server for a few days and I need to
> redirect its traffic to a server behind an iptables firewall. Here's
> what I want to do:
> But I'm having problems with the second part. The SNAT rule:
> -I POSTROUTING -s --sport 2050  -o eth0 -j SNAT --to
> #This one seems OK too.
> -A PREROUTING -i eth0 -p tcp -d $PUBLIC_IP --dport  80 -j DNAT --to
> $PRIVATE_IP:2050
> The SNAT rule generates the error:
> Applying iptables firewall rules: iptables-restore v1.2.11: Unknown
> arg `--sport'

I think the difference is that the SNAT rule does not
specify the protocol the way the DNAT rule does ( -p tcp ).
You can only specify a source port for a
protocol that uses the concept of a "port".

> Could someone provide help to solve this problem?


Jim Laurino
nfcan.x.jimlaur at dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
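
A check for the mistake diagnosed in the reply above, as an added example that is not part of the original thread: it scans an iptables-restore ruleset for rules that use a port match without a protocol that defines ports. The function names and the sample addresses (documentation ranges) are constructed here, since the thread elides the real ones; only protocol names, not numeric protocol values, are recognized.

```shell
#!/bin/sh
# Added example: lint iptables-restore rules for --sport/--dport used
# without "-p <protocol>", the cause of "Unknown arg `--sport'".

# Constructed sample ruleset. Line 5 repeats the mistake from the thread,
# line 6 is the same rule with the protocol specified.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -d 198.51.100.5 --dport 80 -j DNAT --to 192.0.2.10:2050
-A POSTROUTING -s 192.0.2.10 --sport 2050 -o eth0 -j SNAT --to 198.51.100.5
-A POSTROUTING -p tcp -s 192.0.2.10 --sport 2050 -o eth0 -j SNAT --to 198.51.100.5
COMMIT
EOF
}

# Reads rules on stdin, prints "LINE: rule" for each rule that has a port
# match but no port-aware protocol. Returns 1 if any rule was flagged.
lint_port_matches() {
    awk '
    # Skip blank lines, comments, table headers, chain policies and COMMIT.
    NF == 0 || $1 ~ /^[#*:]/ || $1 == "COMMIT" { next }
    {
        has_port = 0; has_proto = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^--(sport|dport|source-port|destination-port)$/)
                has_port = 1
            if (($i == "-p" || $i == "--protocol") && i < NF) {
                proto = tolower($(i + 1))
                # Protocols whose match extensions provide port options.
                if (proto ~ /^(tcp|udp|sctp|dccp|udplite)$/)
                    has_proto = 1
            }
        }
        if (has_port && !has_proto) {
            printf "%d: %s\n", NR, $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Stand-alone run over the constructed sample.
sample_rules | lint_port_matches || echo "flagged rules need -p tcp or -p udp"
```
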
