- 05-25-2009 #1 Just Joined!
- Join Date
- Feb 2009
- Location
- Chennai, India
- Posts
- 28
[SOLVED] Problem with iptables
Hi all,
I have custom hardware onto which I have ported Linux, and I have also enabled iptables support in the kernel.
When I issue the following command I am getting an error:
Code:
iptables -t nat -A OUTPUT -p tcp -d 10.0.3.92 -j DNAT --to-destination 10.0.3.100
I am getting
iptables v1.2.11: Unknown arg `--to-destination'
Try `iptables -h' or 'iptables --help' for more information.
But when I tried the same command on my FC8 Linux machine it works fine.
Any help?
- 05-25-2009 #2
DNAT is only valid as part of the PREROUTING chain, so what you want is something like this:
Code:
iptables -t nat -A PREROUTING -p tcp -d 10.0.3.92 -j DNAT --to-destination 10.0.3.100
Great GNU/Linux references and resources:
The Linux Documentation Project
Rute User's Tutorial and Exposition
GNU/Linux Man Pages
- 05-25-2009 #3 Just Joined!
Krendoshazin, thanks for your reply.
But I have seen the man page of iptables, where both PREROUTING and OUTPUT chains are allowed.
So I don't think that is the problem. Do you have any other suggestion?
DNAT
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It specifies that the destination address of the packet should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes one type of option:
--to-destination [ipaddr][-ipaddr][:port-port]
which can specify a single new destination IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then the destination port will never be modified. If no IP address is specified then only the destination port will be modified.
In Kernels up to 2.6.10 you can add several --to-destination options. For those kernels, if you specify more than one destination address, either via an address range or multiple --to-destination options, a simple round-robin (one after another in cycle) load balancing takes place between these addresses. Later Kernels (>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges anymore.
--random
If option --random is used then port mapping will be randomized (kernel >= 2.6.22).
- 05-25-2009 #4
OUTPUT is for traffic leaving the system, not entering it. PREROUTING modifies the packet before it's even dealt with by the system so it's sent to the proper destination.
- 05-28-2009 #5 Just Joined!
Hi all,
I finally resolved it; actually I forgot to include the libraries under /lib/iptables.
-BalaC-
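Added example, not part of the thread: the fix in post #5 was a set of missing libraries under /lib/iptables, which is where this iptables generation loads each target and match (and its options, such as DNAT's --to-destination) from. The script below lists the libraries a rule needs and reports the ones an extension directory lacks; it assumes the 1.2.x/1.3.x file naming libipt_<NAME>.so, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check an iptables extension directory against a rule.
# Assumption: iptables 1.2.x/1.3.x layout, one libipt_<NAME>.so per
# target or match, e.g. /lib/iptables/libipt_DNAT.so.

# Print the extension names a rule refers to via "-j TARGET" / "-m match".
# Built-in verdicts map to the "standard" extension. A jump to a
# user-defined chain is printed as well; ignore those names.
rule_extensions() (
    set -f                      # split the rule on spaces, no globbing
    prev=
    for word in $1; do
        case "$prev" in
            -j|--jump)
                case "$word" in
                    ACCEPT|DROP|QUEUE|RETURN) echo standard ;;
                    *) echo "$word" ;;
                esac ;;
            -m|--match)
                echo "$word" ;;
        esac
        prev=$word
    done
)

# Print every library the rule needs that is absent from the directory.
# $1 = extension directory, $2 = rule text as passed to iptables.
# Returns 0 when nothing is missing, 1 otherwise.
missing_extensions() {
    ext_dir=$1
    status=0
    for name in $(rule_extensions "$2"); do
        lib="libipt_$name.so"
        if [ ! -f "$ext_dir/$lib" ]; then
            echo "$lib"
            status=1
        fi
    done
    return $status
}

# Usage: sh check_ipt_ext.sh /lib/iptables '-t nat -A OUTPUT ... -j DNAT ...'
if [ $# -ge 2 ]; then
    missing_extensions "$1" "$2"
fi
```

Run it against the target's root filesystem image before flashing, with the extension directory path adjusted to where the image is staged.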



