iptables and dnat

From: Sturla Holm Hansen (sturla_at_lundkommisjonen.no)
Date: 08/31/04

Next message: Lance Hoffmeyer: "Make-Kpkg SMP"

Previous message: Ruairi Newman: "Re: Tux logo, Nvidia drivers, and framebuffer"
Next in thread: Eric Gaumer: "Re: iptables and dnat"
Reply: Eric Gaumer: "Re: iptables and dnat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 31 Aug 2004 17:40:54 +0200
To: debian-user@lists.debian.org

when I try to insert

iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT
--to-destination 192.168.1.2:80

I get

iptables: No chain/target/match by that name

Below is my /var/lib/iptables/active

What am I doing wrong?

Anyone? Thanx :)

Sturla

#WinLin
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m multiport
--dports 22,53,10000 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m udp --dport 53
-j ACCEPT
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m multiport --dports
1,7,20,21,25,80,443,465,600,800,16001 -j ACCEPT
-A INPUT -p udp -m multiport --dports
1,7,20,21,25,80,443,465,600,800,16001 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOGDROP
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m multiport
--dports 20,21,22,25,53,80,110,194,443,995 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m multiport
--dports 20,21,22,25,53,80,110,194,443,995 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p icmp -m icmp
--icmp-type 8 -j ACCEPT
#-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport
1863 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOGDROP
-A OUTPUT -j ACCEPT
-A LOGDROP -j REJECT
COMMIT

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Next message: Lance Hoffmeyer: "Make-Kpkg SMP"

Previous message: Ruairi Newman: "Re: Tux logo, Nvidia drivers, and framebuffer"
Next in thread: Eric Gaumer: "Re: iptables and dnat"
Reply: Eric Gaumer: "Re: iptables and dnat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: iptables? redirect?
... > buzzer wrote: ... hook in nat are PREROUTING, POSTROUTING AND OUTPUT! ...
(comp.os.linux.networking)
Re: Port "triggering"
... :PREROUTING ACCEPT ... :POSTROUTING ACCEPT ... DNAT --to-destination 192.168.0.201 ...
(comp.os.linux.security)
Re: set up NAT (network address translation) on local server
... *nat:PREROUTING ACCEPT:POSTROUTING ACCEPT:OUTPUT ACCEPT ... It seems unlikely that it was written correctly since the restart did not implement your SNAT rule, and this file is what a restart reads. ... # Permit IPSEC peer communications. ...
(Fedora)
iptables masquerading/snat stop working upon moving to kernel 2.6
... Packet reach the PREROUTING chain but never reach ... POSTROUTING chain. ...
(linux.redhat.misc)
iptables masquerading/snat stop working upon moving to kernel 2.6
... Packet reach the PREROUTING chain but never reach ... POSTROUTING chain. ...
(comp.os.linux.networking)