Hi, Antony

> On Monday 10 June 2002 1:45 pm, Kellogg, Chris wrote:
>
> > iptables -A OUTPUT -s 192.168.0.0/24 -p tcp --dport 80 -t nat -j DNAT
> > --to-destination 192.168.4.4:80
> >
> > When I attempt to put this rule in, I get the error message "iptables:
> > Invalid argument".
>
> I should think it's the -s argument which netfilter is complaining about - it
> makes (almost) no sense to include this in a rule which only applies to
> packets coming from the local machine.

ACK! Talk about a serious brain cramp - I completely forgot that the OUTPUT chain is for outbound connections sourced from the NetFilter box.

> I assume you really are trying to DNAT packets originating from the netfilter
> box, and not ones which are being routed by it (which you would do in the
> POSTROUTING chain) ?

I want to redirect packets being routed by the NetFilter box. I guess that means I need to use the PREROUTING chain to handle these packets...since I need the DNAT option, and that's only on the PREROUTING and OUTPUT chains - and OUTPUT won't work. :)

> Antony.

Thanks for helping me pull my head out of my posterior. Any ideas on alternative methods to do what I'm trying to do?

Cheers,
Chris.
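
Added example, not part of the original message or of the netfilter project: a small Python check of which nat-table chain a rule with a NAT target belongs in, run on the rule quoted above. The function names and the 'routed'/'local' traffic label are assumptions of this sketch; the chain lists follow iptables-extensions(8).

```python
import shlex

# Built-in chains that accept each NAT target, per iptables-extensions(8).
NAT_TARGET_CHAINS = {
    "DNAT": {"PREROUTING", "OUTPUT"},
    "REDIRECT": {"PREROUTING", "OUTPUT"},
    "SNAT": {"POSTROUTING", "INPUT"},
    "MASQUERADE": {"POSTROUTING"},
}
BUILTIN_NAT_CHAINS = {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"}
CHAIN_FLAGS = ("-A", "--append", "-I", "--insert")

def parse_rule(line):
    """Pull table, chain and target out of an 'iptables -A ...' command line."""
    args = shlex.split(line)
    rule = {"table": "filter", "chain": None, "target": None}  # filter is the default table
    for flag, value in zip(args, args[1:]):
        if flag in ("-t", "--table"):
            rule["table"] = value
        elif flag in CHAIN_FLAGS:
            rule["chain"] = value
        elif flag in ("-j", "--jump"):
            rule["target"] = value
    return rule

def lint(line, traffic):
    """traffic (hypothetical label): 'routed' = forwarded by this box, 'local' = generated on it."""
    r = parse_rule(line)
    findings = []
    allowed = NAT_TARGET_CHAINS.get(r["target"])
    if allowed and r["table"] != "nat":
        findings.append(f"{r['target']} is only valid in the nat table")
    elif allowed and r["chain"] in BUILTIN_NAT_CHAINS and r["chain"] not in allowed:
        findings.append(f"{r['target']} is not valid in {r['chain']}; use {sorted(allowed)}")
    if r["chain"] == "OUTPUT" and traffic == "routed":
        findings.append("OUTPUT only sees locally generated packets; routed traffic needs PREROUTING")
    if r["chain"] == "PREROUTING" and traffic == "local":
        findings.append("PREROUTING never sees locally generated packets; use OUTPUT")
    return findings

def move_to_chain(line, chain):
    """Return the same command with its chain replaced, leaving every match untouched."""
    args = shlex.split(line)
    for i, flag in enumerate(args[:-1]):
        if flag in CHAIN_FLAGS:
            args[i + 1] = chain
    return shlex.join(args)

# The rule from the message above.
RULE = ("iptables -A OUTPUT -s 192.168.0.0/24 -p tcp --dport 80 -t nat "
        "-j DNAT --to-destination 192.168.4.4:80")

if __name__ == "__main__":
    print(lint(RULE, "routed"))
    print(move_to_chain(RULE, "PREROUTING"))
```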
