  1. #1
    Just Joined!
    Join Date
    Feb 2009
    Location
    Chennai, India
    Posts
    28

    [SOLVED] Problem with iptables


    Hi all,

    I have custom hardware onto which I have ported Linux, and I have also enabled iptables support in the kernel.

    When I issue the following command I get an error:

    Code:
    iptables -t nat -A OUTPUT -p tcp -d 10.0.3.92 -j DNAT --to-destination 10.0.3.100
    I am getting
    iptables v1.2.11: Unknown arg `--to-destination'
    Try `iptables -h' or 'iptables --help' for more information.

    But when I tried the same command on my FC8 Linux machine, it works fine.

    Any help?

  2. #2
    Linux User Krendoshazin
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    DNAT is only valid as part of the PREROUTING chain, so what you want is something like this:
    Code:
    iptables -t nat -A PREROUTING -p tcp -d 10.0.3.92 -j DNAT --to-destination 10.0.3.100

  3. #3
    Just Joined!
    Join Date
    Feb 2009
    Location
    Chennai, India
    Posts
    28
    Krendoshazin, thanks for your reply

    But I have seen the man page of iptables, where both the PREROUTING and OUTPUT chains are allowed:
    DNAT
    This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It specifies that the destination address of the packet should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes one type of option:

    --to-destination [ipaddr][-ipaddr][:port-port]
    which can specify a single new destination IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then the destination port will never be modified. If no IP address is specified then only the destination port will be modified.

    In Kernels up to 2.6.10 you can add several --to-destination options. For those kernels, if you specify more than one destination address, either via an address range or multiple --to-destination options, a simple round-robin (one after another in cycle) load balancing takes place between these addresses. Later Kernels (>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges anymore.

    --random
    If option --random is used then port mapping will be randomized (kernel >= 2.6.22).
    So I don't think that is the problem. Do you have any other suggestion?

  4. #4
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    OUTPUT is for traffic leaving the system, not entering it. PREROUTING modifies the packet before it's even dealt with by the system so it's sent to the proper destination.

  5. #5
    Just Joined!
    Join Date
    Feb 2009
    Location
    Chennai, India
    Posts
    28
    Hi all,

    I finally resolved it; actually I forgot to include the libraries under /lib/iptables

    -BalaC-
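
A check for the cause reported in the last post, added here as an example and not part of the original thread: it lists the extension libraries that a rule's `-j` and `-m` arguments need but that are absent from the extension directory. The function name `missing_extensions` is hypothetical, and the `libipt_<NAME>.so` file naming is an assumption matching legacy iptables 1.2.x/1.3.x builds.

```shell
#!/bin/sh
# Added example (not from the thread): find iptables extension libraries
# that a rule needs but that were not copied to the target's root filesystem.
# Assumption: legacy iptables naming, one libipt_<NAME>.so per target/match.

# Targets built into the iptables binary; no shared object is loaded for them.
BUILTIN_TARGETS="ACCEPT DROP QUEUE RETURN"

# missing_extensions LIBDIR RULE-ARGS...
# Prints one missing library file name per line; returns 1 if any is missing.
# Note: a user-defined chain given to -j is reported too, because its name
# cannot be told apart from an extension target without querying the kernel.
missing_extensions() {
    libdir=$1
    shift
    missing=0
    while [ $# -gt 0 ]; do
        case $1 in
            -j|--jump|-m|--match)
                kind=$1
                name=${2:-}
                [ -n "$name" ] || break   # option given without a value
                shift                     # consume the option, keep the name
                skip=0
                if [ "$kind" = "-j" ] || [ "$kind" = "--jump" ]; then
                    for t in $BUILTIN_TARGETS; do
                        if [ "$t" = "$name" ]; then skip=1; fi
                    done
                fi
                if [ "$skip" -eq 0 ] && [ ! -f "$libdir/libipt_$name.so" ]; then
                    echo "libipt_$name.so"
                    missing=1
                fi
                ;;
        esac
        shift
    done
    return $missing
}
```

Call it with the directory first and the rule arguments after it, for example `missing_extensions /lib/iptables -t nat -A OUTPUT -p tcp -d 10.0.3.92 -j DNAT --to-destination 10.0.3.100`. On an embedded image it is a quick way to confirm that every target a firewall ruleset depends on will actually load, so rules are not silently left uninstalled at boot.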
