DNAT + user defined chains

DNAT + user defined chains

[Jan Kanty Palus]

My firewall configuration consist of many rules which redirect some ports
on my server to particular hosts in lan. I wanted to reduce them so I tried
to do something like this:

iptables -t nat -N new
iptables -t -A PREROUTING -i ethX -p tcp --dport <port>:<port> -j new

and in chain 'new' redirect port to right machine. The problem is that in 
chain 'new' i have no option '--to-destination'. Is it possible to do 
this or where can i find some info about it?

Re: DNAT + user defined chains

[John A. Sullivan III]

On Fri, 2004-03-05 at 12:00, Jan Kanty Palus wrote:
> My firewall configuration consist of many rules which redirect some ports
> on my server to particular hosts in lan. I wanted to reduce them so I tried
> to do something like this:
> 
> iptables -t nat -N new
> iptables -t -A PREROUTING -i ethX -p tcp --dport <port>:<port> -j new
> 
> and in chain 'new' redirect port to right machine. The problem is that in 
> chain 'new' i have no option '--to-destination'. Is it possible to do 
> this or where can i find some info about it?

Hmmm . . . I just tried creating such a chain and adding a bogus DNAT
rule to it and it worked fine.  I haven't tested it with real traffic
but I assume you are getting some kind of error when you try to add a
rule.  What error are you getting? Are you remembering the preface the
-A or -I with -t nat?
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net