[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Re: Redirecting DNS Not Working
From: Pascal Hambourg <pascal () plouf ! fr ! eu ! org>
Date: 2013-02-16 17:03:11
Message-ID: 511FBBCF.70800 () plouf ! fr ! eu ! org
[Download RAW message or body]
Andrew Beverley a écrit :
>> Nonsense. You should read the manpage more carefully.
>>
>> QUOTE
>> REDIRECT
>> This target is only valid in the nat table, in the PREROUTING and OUT-
>> PUT chains, and user-defined chains which are only called from those
>> chains. It redirects the packet to the machine itself by changing the
>> destination IP to the primary address of the incoming interface
>> (locally-generated packets are mapped to the 127.0.0.1 address).
>> END OF QUOTE
>
> Okay, I stand corrected, although I personally would still use the DNAT
> target for that use-case :)
Both can be used. DNAT gives more control, as it allows to specify the
destination address.
> Incidentally, the manpage stipulates "--to-ports" but the earlier
> example in the same manpage is "--to-port". Both seem to be accepted.
> Any difference?
No, it appears that partial options can be used (as long as they are
unambiguous, I guess). --to also works.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic