Trying to update an iptable.

Hi

I had this iptables that was working very well :

iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60104 -j DNAT --to-destination 10.1.1.97

iptables -t nat -A POSTROUTING -s 10.1.1.97 -o eth0 -p sctp -m sctp --sport 60104 -j SNAT --to-source 10.102.201.65

In fact it simply redirect was come from an external adres with dport 60104 to internal adress 10.1.1.97 on the same dport.

Also what come from 10.1.1.97 on sport 60104 is forward to the external adress but the source adress is changed before to be sent.

This being said I have added the following line in my iptable and they dont seem to kick in. Since i am a beginner with iptable maybe i bypass a basic rule....

Anybody can help ?



iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60104 -j DNAT --to-destination 10.1.1.97
iptables -t nat -A POSTROUTING -s 10.1.1.97 -o eth0 -p sctp -m sctp --sport 60104 -j SNAT --to-source 10.102.201.65

iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60107 -j DNAT --to-destination 10.1.1.97
iptables -t nat -A POSTROUTING -s 10.1.1.97 -o eth0 -p sctp -m sctp --sport 60107 -j SNAT --to-source 10.102.201.65

iptables -t nat -A PREROUTING -d 10.102.201.65 -i eth0 -p sctp -m sctp --dport 60041 -j DNAT --to-destination 10.1.1.10
iptables -t nat -A POSTROUTING -s 10.1.1.10 -o eth0 -p sctp -m sctp --sport 60041 -j SNAT --to-source 10.102.201.65

When i received a message with source port 60041 it is still redirected to 10.1.1.97.........? Please educate me :0)

Take a look at this 'TUTORIAL' and here for 'SCTP matches'.

I manageg to get it work. The problem is not reallly on my IP table . It is on the fact that the previous iptable is not properly clean before i load this one.We suspect we have a problem with our customized version of montavista which prevent the clearing of the iptable even if i use the apropriate command.

I am still playing with it and keep you inform.

Jeff