Trevor, THANKS for the reply, but that didn't work. In fact, -j REDIRECT to a certain port and -j DNAT are equivalent (though with DNAT you have to say "--to 192.168.10.101:8080 (give an IP and a port). (For just one explanation of this, see http://www.linuxsecurity.com/content/view/117557/49/ where they note: "REDIRECT: This is a specialized case of DNAT that alters the destination IP address to send the packet to the machine itself. This is useful in circumstances where one wishes to redirect web traffic to a local proxy server, such as squid." In any case, I tried your suggestion: /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.10.101:8080 Still doesn't work. My related guru question is: How can I tell on a running system if the kernel was compiled with "fast switching" for the network? Apparently this has to be set to OFF for this kind of redirection to work. John On 5/2/05, fedora-list-request@xxxxxxxxxx <fedora-list-request@xxxxxxxxxx> wrote: > 6. Re: iptables -- trying to redirect, but doesn't work > (Trevor "TeC" Christian) > ------------------------------ > > Message: 6 > Date: Sun, 01 May 2005 23:15:33 -0400 > From: "Trevor \"TeC\" Christian" <trevor@xxxxxxxxxxxxxxxxx> > Subject: Re: iptables -- trying to redirect, but doesn't work > To: john@xxxxxxxx, For users of Fedora Core releases > <fedora-list@xxxxxxxxxx> > Message-ID: <42759B55.2050100@xxxxxxxxxxxxxxxxx> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > John G. Norman wrote: > > >Hi. > > > >I'm trying to redirect from one port to another with iptables > >(destination NAT -- transparent proxying . . . e.g., "destination NAT" > >in this article: http://www.linux-mag.com/content/view/849/2236/). > > > >I've done this many times before, including on SuSE and various > >flavors of BSD (with ipfw). > > > >For some reason I can't get it to work on Fedora 3. > > > >I do have ip forwarding on (/proc/sys/net/ipv4/ip_forward shows 1) > > > >The command I am trying to use is: > > > >/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j > >REDIRECT --to-port 8080 > > > > > I think this should probably by > /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-port 8080 > > I believe that's what works for me... > > -- > *Trevor "TeC" Christian* > Cell #: (767) 225 4472 > IM > MSN: trevorc98@xxxxxxxxxxx / trevor@xxxxxxxxxxxxxxxxx > YM : trevorc01 > AIM: DoubleOTeC > ------------------------------------------------------------------------ > Curriculum Vitae (PDF) <http://bouyon.dalive.com/cv/curriculum_vitae.pdf> > Curriculum Vitae (HTML) <http://bouyon.dalive.com/cv/curriculum_vitae.html> > > ------------------------------
