From mboxrd@z Thu Jan 1 00:00:00 1970
From: Georgi Georgiev
Subject: Re: local NAT; reconfigured kernel, problems still
Date: Tue, 1 Apr 2008 20:00:29 +0900
Message-ID: <20080401110029.GA1025@lion.gg3.net>
References: <20080401094014.8143178C95@gam.mel.teaser.net>
Mime-Version: 1.0
Return-path:
Content-Disposition: inline
In-Reply-To: <20080401094014.8143178C95@gam.mel.teaser.net>
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: netfilter@vger.kernel.org

maillog: 01/04/2008-11:40:14(+0200): Noino types
> Eljas Alakulppi wrote :
>> 1. Are you trying to redirect traffic directed to port 53 to port 10053?
>> Use REDIRECT target.
>
> This is overwhelming :-( would you (collective) be so kind as to write out
> the needed rule(s) so I can leave you to rest at last ?
>>> iptables -t nat -A OUTPUT -o lo -p udp --dport 53 -j DNAT
>>> --to-destination :10053
>>> iptables: Invalid argument
>> 2. DNAT requires destination IP as well.
>
> OK, if I replace an explicit --to-destination 127.0.0.1:10053 , still I'm
> getting "Invalid argument" !
> Is that diag what you would get ? I suspect my iptables may be out of sync
> with my kernel, which is why I dare reiterate my question...
> TYVM

Maybe it is the "-p udp" that is causing the message. Does -j LOG
(instead of -j DNAT --to-destination) work? If it does not, then you
need to add "-m udp" in front of "-p udp".

-- 
(*  Georgi Georgiev     (* "If anything can go wrong, it will." -- (*
*)  chutz@gg3.net       *) Edsel Murphy                            *)
(*  http://www.gg3.net/ (*                                         (*