iptables and dnat
From: Sturla Holm Hansen (sturla_at_lundkommisjonen.no)
Date: 08/31/04
- Previous message: Ruairi Newman: "Re: Tux logo, Nvidia drivers, and framebuffer"
- Next in thread: Eric Gaumer: "Re: iptables and dnat"
- Reply: Eric Gaumer: "Re: iptables and dnat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 31 Aug 2004 17:40:54 +0200 To: debian-user@lists.debian.org
when I try to insert
iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT
--to-destination 192.168.1.2:80
I get
iptables: No chain/target/match by that name
Below is my /var/lib/iptables/active
What am I doing wrong?
Anyone? Thanx :)
Sturla
#WinLin
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m multiport
--dports 22,53,10000 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m udp --dport 53
-j ACCEPT
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m multiport --dports
1,7,20,21,25,80,443,465,600,800,16001 -j ACCEPT
-A INPUT -p udp -m multiport --dports
1,7,20,21,25,80,443,465,600,800,16001 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOGDROP
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m multiport
--dports 20,21,22,25,53,80,110,194,443,995 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m multiport
--dports 20,21,22,25,53,80,110,194,443,995 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p icmp -m icmp
--icmp-type 8 -j ACCEPT
#-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport
1863 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOGDROP
-A OUTPUT -j ACCEPT
-A LOGDROP -j REJECT
COMMIT
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Ruairi Newman: "Re: Tux logo, Nvidia drivers, and framebuffer"
- Next in thread: Eric Gaumer: "Re: iptables and dnat"
- Reply: Eric Gaumer: "Re: iptables and dnat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
- Re: iptables? redirect?
... > buzzer wrote: ... hook in nat are PREROUTING, POSTROUTING
AND OUTPUT! ... (comp.os.linux.networking) - Re: Port "triggering"
... :PREROUTING ACCEPT ... :POSTROUTING ACCEPT ... DNAT --to-destination
192.168.0.201 ... (comp.os.linux.security) - iptables masquerading/snat stop working upon moving to kernel 2.6
... Packet reach the PREROUTING chain but never reach ... POSTROUTING
chain. ... (linux.redhat.misc) - iptables masquerading/snat stop working upon moving to kernel 2.6
... Packet reach the PREROUTING chain but never reach ... POSTROUTING
chain. ... (comp.os.linux.networking) - Re: Probl?me sur Iptables
... :PREROUTING ACCEPT ... :POSTROUTING ACCEPT ... >> My debian
computer is an Adsl routeur. ... > You're not reinitialising the firewall. ...
(comp.os.linux.networking)
