iptables: can't set any ip address in rules

iptables: can't set any ip address in rules

[Salim]

Hello all,
    I am not able to set any rule that contsin ip address in the iptables.
For example I give this command

>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2

then, I issue the command >iptables -t nat -L. 

the result is 

Chain POSTROUTING (policy ACCEPT)
target           DNAT
prot              all
opt                --
source          anywhere
destination    0.0.0.0   to:0.0.0.0


I gave the command with verbose
>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2

it showed
DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0


for any command which has an ipaddress, the ip address always is always takes as 0.0.0.0

I am using Redhat Linux 2.4.25
iptables v1.3.3
MIPS embedded system.

I am confused. Any help will be greatly appreciated.

regards
Salim

Re: iptables: can't set any ip address in rules

[Rob Sterenborg]

> Hello all,
>     I am not able to set any rule that contsin ip address in the iptables.
> For example I give this command
>
>>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
           ^^^^^^^^^^^^^^^^
-t nat -A PREROUTING

You forgot "nat" after -t. Is that a typo or is this the actual rule you
are using ?

> then, I issue the command >iptables -t nat -L.
>
> the result is
>
> Chain POSTROUTING (policy ACCEPT)
> target           DNAT
> prot              all
> opt                --
> source          anywhere
> destination    0.0.0.0   to:0.0.0.0

You just added a PREROUTING rule, and now you're checking if a POSTROUTING
rule is correct...
Furthermore : POSTROUTING doesn't have DNAT (it has SNAT) so the result of
"iptables -t nat -L" are probably not copy-and-pasted.

> I gave the command with verbose
>>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
>
> it showed
> DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0

Again : -t nat

...
> I am confused. Any help will be greatly appreciated.

Don't know if it will solve your problem but :
- use "-t nat", not just "-t"
- check the chain you're adding a rule to (if it's PREROUTING, check
PREROUTING, not POSTROUTING)


Gr,
Rob

Re: iptables: can't set any ip address in rules

[Salim]

> Hello all,
>     I am not able to set any rule that contsin ip address in the iptables.
> For example I give this command
>
>>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
           ^^^^^^^^^^^^^^^^
-t nat -A PREROUTING

You forgot "nat" after -t. Is that a typo or is this the actual rule you
are using ?

[Salim] sorry, that was a typo. the actual rule includes -t nat

> then, I issue the command >iptables -t nat -L.
>
> the result is
>
> Chain POSTROUTING (policy ACCEPT)
> target           DNAT
> prot              all
> opt                --
> source          anywhere
> destination    0.0.0.0   to:0.0.0.0

You just added a PREROUTING rule, and now you're checking if a POSTROUTING
rule is correct...
Furthermore : POSTROUTING doesn't have DNAT (it has SNAT) so the result of
"iptables -t nat -L" are probably not copy-and-pasted.

[Salim] again, it was another typo. it is PREROUTING chain. my linux is in
another machine, so I couldn't copy and paste. I typed in manually.

> I gave the command with verbose
>>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
>
> it showed
> DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0

Again : -t nat

...
> I am confused. Any help will be greatly appreciated.

Don't know if it will solve your problem but :
- use "-t nat", not just "-t"
- check the chain you're adding a rule to (if it's PREROUTING, check
PREROUTING, not POSTROUTING)


Gr,
Rob

Re: iptables: can't set any ip address in rules

[Salim]

this issue has been solved. seems like 'unsigned long long' doesn't work on
my system. changed 'strtoull' to 'strtoul'. Now it looks okay.
thanks for all who have spent time on my question.

----- Original Message -----
From: "Salim" <salim.si@askey.com.tw>
To: <netfilter@lists.netfilter.org>
Sent: Monday, September 05, 2005 2:01 PM
Subject: iptables: can't set any ip address in rules


Hello all,
    I am not able to set any rule that contsin ip address in the iptables.
For example I give this command

>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2

then, I issue the command >iptables -t nat -L.

the result is

Chain POSTROUTING (policy ACCEPT)
target           DNAT
prot              all
opt                --
source          anywhere
destination    0.0.0.0   to:0.0.0.0


I gave the command with verbose
>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2

it showed
DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0


for any command which has an ipaddress, the ip address always is always
takes as 0.0.0.0

I am using Redhat Linux 2.4.25
iptables v1.3.3
MIPS embedded system.

I am confused. Any help will be greatly appreciated.

regards
Salim

Re: iptables: can't set any ip address in rules

[Sascha Reissner]

Please add a protocol to your rules (-p TCP or -p UDP) and it will work.

Regards,
Sascha

Salim wrote:
> this issue has been solved. seems like 'unsigned long long' doesn't work on
> my system. changed 'strtoull' to 'strtoul'. Now it looks okay.
> thanks for all who have spent time on my question.
> 
> ----- Original Message -----
> From: "Salim" <salim.si@askey.com.tw>
> To: <netfilter@lists.netfilter.org>
> Sent: Monday, September 05, 2005 2:01 PM
> Subject: iptables: can't set any ip address in rules
> 
> 
> Hello all,
>     I am not able to set any rule that contsin ip address in the iptables.
> For example I give this command
> 
> 
>>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
> 
> 
> then, I issue the command >iptables -t nat -L.
> 
> the result is
> 
> Chain POSTROUTING (policy ACCEPT)
> target           DNAT
> prot              all
> opt                --
> source          anywhere
> destination    0.0.0.0   to:0.0.0.0
> 
> 
> I gave the command with verbose
> 
>>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
> 
> 
> it showed
> DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0
> 
> 
> for any command which has an ipaddress, the ip address always is always
> takes as 0.0.0.0
> 
> I am using Redhat Linux 2.4.25
> iptables v1.3.3
> MIPS embedded system.
> 
> I am confused. Any help will be greatly appreciated.
> 
> regards
> Salim
> 
> 
> 

Re: iptables: can't set any ip address in rules

[Sascha Reissner]

Argh, i mean please add a protocol to the rule, and add the nat table to 
the rule.. you always use -t but you do not specify the nat table.. in 
your rules "-t" should be replaced with "-t nat"

regards,
sascha

Salim wrote:
> this issue has been solved. seems like 'unsigned long long' doesn't work on
> my system. changed 'strtoull' to 'strtoul'. Now it looks okay.
> thanks for all who have spent time on my question.
> 
> ----- Original Message -----
> From: "Salim" <salim.si@askey.com.tw>
> To: <netfilter@lists.netfilter.org>
> Sent: Monday, September 05, 2005 2:01 PM
> Subject: iptables: can't set any ip address in rules
> 
> 
> Hello all,
>     I am not able to set any rule that contsin ip address in the iptables.
> For example I give this command
> 
> 
>>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
> 
> 
> then, I issue the command >iptables -t nat -L.
> 
> the result is
> 
> Chain POSTROUTING (policy ACCEPT)
> target           DNAT
> prot              all
> opt                --
> source          anywhere
> destination    0.0.0.0   to:0.0.0.0
> 
> 
> I gave the command with verbose
> 
>>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
> 
> 
> it showed
> DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0
> 
> 
> for any command which has an ipaddress, the ip address always is always
> takes as 0.0.0.0
> 
> I am using Redhat Linux 2.4.25
> iptables v1.3.3
> MIPS embedded system.
> 
> I am confused. Any help will be greatly appreciated.
> 
> regards
> Salim
> 
> 
> 

Re: iptables: can't set any ip address in rules

[Rob Sterenborg]

> Please add a protocol to your rules (-p TCP or -p UDP) and it will work.

Could you explain why that is required ? Salim does not specify any port
in his rule.


Gr,
Rob

Re: iptables: can't set any ip address in rules

[Salim]

no Sascha, it was not the problem with protocol. And yes, i added -t nat to
the rule, it was a typing error that i missed it in the post.
for DNAT, I reckon, it is not necessary to add protocol, unless port number
is specified.
The problem was with strtoull function, I changed it to strtoul and it works
fine.
thanks

----- Original Message -----
From: "Sascha Reissner" <sascha.reissner@toxicnet.de>
To: "Salim" <salim.si@askey.com.tw>
Cc: <netfilter@lists.netfilter.org>
Sent: Wednesday, September 07, 2005 4:43 PM
Subject: Re: iptables: can't set any ip address in rules


> Argh, i mean please add a protocol to the rule, and add the nat table to
> the rule.. you always use -t but you do not specify the nat table.. in
> your rules "-t" should be replaced with "-t nat"
>
> regards,
> sascha
>
> Salim wrote:
> > this issue has been solved. seems like 'unsigned long long' doesn't work
on
> > my system. changed 'strtoull' to 'strtoul'. Now it looks okay.
> > thanks for all who have spent time on my question.
> >
> > ----- Original Message -----
> > From: "Salim" <salim.si@askey.com.tw>
> > To: <netfilter@lists.netfilter.org>
> > Sent: Monday, September 05, 2005 2:01 PM
> > Subject: iptables: can't set any ip address in rules
> >
> >
> > Hello all,
> >     I am not able to set any rule that contsin ip address in the
iptables.
> > For example I give this command
> >
> >
> >>iptables -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
> >
> >
> > then, I issue the command >iptables -t nat -L.
> >
> > the result is
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target           DNAT
> > prot              all
> > opt                --
> > source          anywhere
> > destination    0.0.0.0   to:0.0.0.0
> >
> >
> > I gave the command with verbose
> >
> >>iptables -v -t -A PREROUTING -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2
> >
> >
> > it showed
> > DNAT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0 to:0.0.0.0
> >
> >
> > for any command which has an ipaddress, the ip address always is always
> > takes as 0.0.0.0
> >
> > I am using Redhat Linux 2.4.25
> > iptables v1.3.3
> > MIPS embedded system.
> >
> > I am confused. Any help will be greatly appreciated.
> >
> > regards
> > Salim
> >
> >
> >
>