
List:       netfilter
Subject:    Re: Redirecting DNS Not Working
From:       Pascal Hambourg <pascal () plouf ! fr ! eu ! org>
Date:       2013-02-16 17:03:11
Message-ID: 511FBBCF.70800 () plouf ! fr ! eu ! org

Andrew Beverley wrote:
>> Nonsense. You should read the manpage more carefully.
>>
>> QUOTE
>>  REDIRECT
>>  This  target is only valid in the nat table, in the PREROUTING and OUT-
>>  PUT chains, and user-defined chains which are only  called  from  those
>>  chains.   It redirects the packet to the machine itself by changing the
>>  destination IP  to  the  primary  address  of  the  incoming  interface
>>  (locally-generated packets are mapped to the 127.0.0.1 address).
>> END OF QUOTE
> 
> Okay, I stand corrected, although I personally would still use the DNAT
> target for that use-case :)

Both can be used. DNAT gives more control, as it allows specifying the
destination address.

> Incidentally, the manpage stipulates "--to-ports" but the earlier
> example in the same manpage is "--to-port". Both seem to be accepted.
> Any difference?

No, it appears that partial options can be used (as long as they are
unambiguous, I guess). --to also works.
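
The prefix matching mentioned in the reply is how getopt_long(3), which iptables uses to parse its command line, treats long options. The C program below is an added example, not part of the original message and not iptables source; the two option tables and the match_flag helper are hypothetical and only reuse the option names from the thread.

```c
#include <getopt.h>
#include <stdio.h>

/* Constructed option tables: the long names come from the thread, the
 * tables themselves are hypothetical and not copied from iptables. */
static const struct option redirect_only[] = {
    { "to-ports", required_argument, NULL, 'p' },
    { NULL, 0, NULL, 0 }
};
static const struct option redirect_and_dnat[] = {
    { "to-ports",       required_argument, NULL, 'p' },
    { "to-destination", required_argument, NULL, 'd' },
    { NULL, 0, NULL, 0 }
};

/* Parse one "<flag> <value>" pair against a table.
 * Returns the matched option's key ('p' or 'd'), or '?' when the flag is
 * unknown or an ambiguous prefix. On a match, *value gets the argument. */
static int match_flag(const struct option *table, const char *flag,
                      const char *arg, const char **value)
{
    char *argv[] = { "model", (char *)flag, (char *)arg, NULL };
    int key;

    optind = 0;   /* force getopt_long to reinitialise between calls */
    opterr = 0;   /* keep stderr quiet; the return value carries the result */
    key = getopt_long(3, argv, "", table, NULL);
    if (value != NULL)
        *value = (key == 'p' || key == 'd') ? optarg : NULL;
    return key;
}

int main(void)
{
    const char *flags[] = { "--to-ports", "--to-port", "--to", "--to-d" };
    const char *v;

    for (size_t i = 0; i < sizeof flags / sizeof flags[0]; i++) {
        int one  = match_flag(redirect_only, flags[i], "53", &v);
        int both = match_flag(redirect_and_dnat, flags[i], "53", &v);
        printf("%-11s one table: %c   both tables: %c\n",
               flags[i], one, both);
    }
    return 0;
}
```

Anything that audits rule-generating scripts by matching the literal string `--to-ports` needs to account for the shorter spellings as well.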