iptables -- trying to redirect, but doesn't work (and related guru question)

Alexander Dalloz ad+lists at uni-x.org
Mon May 2 17:51:31 UTC 2005


On Mon, 02.05.2005 at 15:30, John G. Norman wrote:

> THANKS for the reply, but that didn't work. In fact, -j REDIRECT to a
> certain port and -j DNAT are equivalent (though with DNAT you have to
> say "--to 192.168.10.101:8080" (give an IP and a port). (For just one
> explanation of this, see
> http://www.linuxsecurity.com/content/view/117557/49/ where they note:
> "REDIRECT: This is a specialized case of DNAT that alters the
> destination IP address to send the packet to the machine itself. This
> is useful in circumstances where one wishes to redirect web traffic to
> a local proxy server, such as squid.")
> 
> In any case, I tried your suggestion:
> 
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.10.101:8080
> 
> Still doesn't work.

> John

Did we see your full packet filtering (i.e. iptables -nvL)? I guess you
block the traffic somewhere else; at least I don't remember any case
where redirecting caused me a problem.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.14_FC2smp 
Serendipity 19:46:56 up 3:52, 18 users, 0.23, 0.14, 0.10 
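
An added example, not part of the original thread: after a REDIRECT in nat/PREROUTING, the packet still has to pass the filter table's INPUT chain with its rewritten destination port, which is one place the traffic can be blocked "somewhere else". The ruleset below is constructed, and the function names `redirect_target` and `input_verdict` are hypothetical helpers that read `iptables-save`-style text.

```shell
# Constructed iptables-save output (not from the thread): port 80 is
# redirected to 8080, but the filter table only admits port 80.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# redirect_target RULES PORT: port that nat/PREROUTING redirects PORT to.
redirect_target() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            d = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") d = $(i + 1)
                if ($i == "--to-ports") t = $(i + 1)
            }
            if (d == port && t != "") { print t; exit }
        }'
}

# input_verdict RULES PORT: filter/INPUT verdict for a new TCP connection to
# PORT. Simplified model (assumption): only rules matching on tcp and --dport
# alone are evaluated; others are skipped, user-defined chains not followed.
input_verdict() {
    printf '%s\n' "$1" | awk -v port="$2" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") { if ($(i + 1) != "tcp") other = 1; i++ }
                else if ($i == "-m" && $(i + 1) == "tcp") i++
                else if ($i == "--dport") { dport = $(i + 1); i++ }
                else if ($i == "-j") { target = $(i + 1); break }
                else other = 1
            }
            if (!other && (dport == "" || dport == port)) { print target; found = 1; exit }
        }
        END { if (!found) print policy }'
}

echo "INPUT verdict after redirect: $(input_verdict "$SAMPLE_RULES" "$(redirect_target "$SAMPLE_RULES" 80)")"
```

On a live host the same functions can be fed the output of `iptables-save` (run as root) in place of the constructed sample.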