Re: [squid-users] Transparent proxy issues...

From: Jon Newman <jnewman@dont-contact.us>
Date: Wed, 13 Apr 2005 15:13:54 -0500 (CDT)

I even tried redirecting a non-specific port to google.com's port 80, and
still no success:
root@filter:~# iptables -t nat -A PREROUTING -p tcp -s 0/0 --dport 10000 -j DNAT --to 64.233.187.104:80
root@filter:~# telnet 127.0.0.1 10000
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
root@filter:~# telnet 64.233.187.104 80
Trying 64.233.187.104...
Connected to 64.233.187.104.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

So as you can see, redirection does not work; however, direct connection
does. Anyone have an idea?

Thanks.

Jon

> On Tue, 12 Apr 2005, Jon Newman wrote:
>
>> Using DNAT, via this command, still nets the same result:
>> iptables -t nat -A PREROUTING -p tcp -s x.x.x.x/32 --dport 80 -j DNAT --to 216.90.3.137:8080
>
> As I said it is equivalent. REDIRECT only saves you from entering the IP
> (automatic).
>
>> Any other ideas? I can't believe this is so difficult, this should be
>> simple and straightforward...there must be something stupid I am
>> missing...PLEASE, anyone willing to point out my idiocy?
>
> Never ever had netfilter NAT fail on me.
>
> But if your intercepting router is running in "lollipop" mode (just one
> interface, next hop router on same interface as client station) then you
> may need to disable ICMP redirects.
>
> Regards
> Henrik
>

-- 
Jon Newman (jnewman@oplink.net)
Systems Administrator/Software Engineer
The Optimal Link (http://www.oplink.net)
Received on Wed Apr 13 2005 - 14:02:49 MDT
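
Added example (not part of the original message, and not Squid or netfilter project code): a way to check whether the NAT rules from this thread are ever matched, by reading the per-rule packet counters from `iptables-save -c` output. Netfilter sends locally originated connections, such as a telnet started on the filter box itself, through the nat OUTPUT chain rather than PREROUTING, so a PREROUTING rule's counter only moves for traffic arriving from another host; the dump and its counter values below are constructed sample input.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c -t nat` output; counters are invented.
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [7:420]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [2:120]
[0:0] -A PREROUTING -p tcp -m tcp --dport 10000 -j DNAT --to-destination 64.233.187.104:80
[7:420] -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# Read an iptables-save -c dump on stdin and print one line per DNAT/REDIRECT
# rule: chain, target, packet count, and whether the rule has matched anything.
nat_rule_hits() {
    awk '
    /^\[[0-9]+:[0-9]+\] -A / {
        split(substr($1, 2), c, ":")          # "[pkts:bytes]" -> c[1] = pkts
        chain = $3
        target = "-"
        for (i = 4; i < NF; i++)
            if ($i == "-j") target = $(i + 1)
        if (target != "DNAT" && target != "REDIRECT") next
        note = (c[1] + 0 == 0) ? "never-matched" : "matched"
        print chain, target, c[1] + 0, note
    }'
}

# Demo on the constructed dump above.
sample_dump | nat_rule_hits
# On the live box (as root): iptables-save -c -t nat | nat_rule_hits
```

A rule that stays at `never-matched` while test traffic is being sent means the packets are not traversing that chain or do not fit the rule's match criteria.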