iptables question

[Gregory Nowak]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Jul 03, 2004 at 06:24:03PM -0500, Thomas Stivers wrote:
> From a quick look at the iptables man page I see:
> 
> This target is only valid in the nat table, in the PREROUTING and OUTPUT
> chains, and user-defined  chains  which  are only  called  from those
> chains.  It specifies that the destination address of the packet should
> be modified (and all future packets in this connection will also be
> mangled), and rules should cease being examined.
> 
> So it looks like you need to put it in prerouting instead of
> postrouting.
> 

It's amazing how after a while of working on something and not getting
anywhere, you start to miss things said in the man page (smile). I'm
still surprised that didn't give me any errors, or maybe it did, and I
didn't notice them, or I simply forgot to rerun the firewall script
after re-editing it the last time.

Anyway, I now have:

iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 25 -j DNAT
- --to-destination aaa.bbb.ccc.ddd

and when I run my script, I get at that line:

iptables: Invalid argument

which as you can see, is an extremely useful error message, whoever
wrote it, absolutely out did themselves in the creativity
department (grrrrrr).

BTW, I am substituting aaa.bbb.ccc.ddd with a correct IP address in
the actual script, so that can't be the problem.

> I think if it is done correctly you will get this result, but you should
> get the prompt message from aaa.bbb.cccc.ddd
> 

I guess it's not done correctly then, because I'm not getting the
prompt message from aaa.bbb.ccc.ddd, it just hangs there, which is the
normal behavior in my case.

Thanks.

Greg


- -- 
Free domains: http://www.eu.org/ or mail dns-manager at EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA51rs7s9z/XlyUyARAn0iAKCvcKA7tOcIZp177T//tB2yHMW2dACgtdqx
6PKGgtJuOL5Gz8YbnVM+Lmg=
=2VjY
-----END PGP SIGNATURE-----


!DSPAM:40e75aed226711737368970!