Linux Netfilter discussions
* -j DNAT doesn't accept nonnumerical port
From: Marcin Mirosław @ 2011-08-25 14:31 UTC
  To: netfilter

Hello!
Iptables accepts such a line without a problem:
iptables -t nat -A PREROUTING -p tcp  --dport pop3 -j DNAT --to-destination 1.2.3.4:25

The destination port is defined by a word. So I wanted to use the same
trick in DNAT but I've got:
# iptables -t nat -A PREROUTING -p tcp  --dport pop3 -j DNAT --to-destination 1.2.3.4:smtp
iptables v1.4.12: Port `smtp' not valid

Is it intentional behavior of iptables? I can't see any info about it in 
man.

Regards,
Marcin


* Re: -j DNAT doesn't accept nonnumerical port
From: Jan Engelhardt @ 2011-08-26  7:54 UTC
  To: Marcin Mirosław; +Cc: netfilter

On Thursday 2011-08-25 16:31, Marcin Mirosław wrote:

> Hello!
> Iptables accepts such a line without a problem:
> iptables -t nat -A PREROUTING -p tcp  --dport pop3 -j DNAT --to-destination 1.2.3.4:25
>
> The destination port is defined by a word. So I wanted to use the same trick in
> DNAT but I've got:
> # iptables -t nat -A PREROUTING -p tcp  --dport pop3 -j DNAT --to-destination 1.2.3.4:smtp
> iptables v1.4.12: Port `smtp' not valid
>
> Is it intentional behavior of iptables? I can't see any info about it in man.

At least it is not a regression.

DNAT does not accept names currently, and I can guess this is because 
of:

Port names can contain pretty much any character except \0, so there is 
no way for DNAT, without symmetric delimiters like '[' and ']' for 
example, to know from the user specifying "smtp-imap" whether s/he means 
the single (fictional) port "smtp-imap", or the range 25--143.

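The ambiguity described in the reply above, as an added Python example that is not part of the original thread and is not iptables code: when names are allowed and '-' also separates a range, "smtp-imap" has two valid readings, while a numeric-only rule has at most one. The service table is constructed, and the port number given to the fictional "smtp-imap" is made up.

```python
# Constructed service table. "smtp-imap" is the fictional name from the
# thread; its port number 2525 is made up for this example.
SERVICES = {"smtp": 25, "pop3": 110, "imap": 143, "smtp-imap": 2525}

def resolve(token, services):
    """Port number for a numeric string or a known service name, else None."""
    if token.isascii() and token.isdigit():
        port = int(token)
        return port if port <= 65535 else None
    return services.get(token)

def interpretations(spec, services=SERVICES):
    """Every valid reading of spec when names are allowed and '-' marks a range."""
    readings = []
    port = resolve(spec, services)
    if port is not None:
        readings.append(("single", port, port))
    # A name may itself contain '-', so each '-' is a candidate separator.
    for i, ch in enumerate(spec):
        if ch == "-":
            lo = resolve(spec[:i], services)
            hi = resolve(spec[i + 1:], services)
            if lo is not None and hi is not None and lo <= hi:
                readings.append(("range", lo, hi))
    return readings

def parse_numeric(spec):
    """Numeric-only rule: 'N' or 'N-M'. Names are rejected, so one reading at most."""
    lo, sep, hi = spec.partition("-")
    parts = [lo, hi] if sep else [lo]
    ports = [resolve(p, {}) for p in parts]  # empty table: no names resolve
    if None in ports or ports[0] > ports[-1]:
        raise ValueError(f"Port `{spec}' not valid")
    return ports[0], ports[-1]

if __name__ == "__main__":
    for spec in ("smtp", "25-143", "smtp-imap"):
        print(spec, "->", interpretations(spec))
```

A rule that receives two readings from `interpretations` would have to guess what the user meant, which is the situation the numeric-only rule avoids.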

* Re: -j DNAT doesn't accept nonnumerical port
From: Marcin Mirosław @ 2011-08-29  8:49 UTC
  To: Jan Engelhardt; +Cc: netfilter

On 26.08.2011 09:54, Jan Engelhardt wrote:
> At least it is not a regression.
>
> DNAT does not accept names currently, and I can guess this is because
> of:
>
> Port names can contain pretty much any character except \0, so there is
> no way for DNAT, without symmetric delimiters like '[' and ']' for
> example, to know from the user specifying "smtp-imap" whether s/he means
> the single (fictional) port "smtp-imap", or the range 25--143.

This is a good reason :) However, it's a little misleading.
Thank you for the answer.

Regards,
Marcin.

