
iptable problems

Discussion in 'Tomato Firmware' started by prophead, Dec 22, 2009.

  1. prophead

    prophead Addicted to LI Member

    How can I make a rule that translates all output destined for to instead go to I need an iptables rule, not a route. I'm pretty sure I need to use DNAT, but I don't know how to do this, iptables expert help?
  2. mstombs

    mstombs Network Guru Member

  3. prophead

    prophead Addicted to LI Member


    That didn't really help me.

    Here's the command I think should work:
    iptables -t nat -A PREROUTING -d -j DNAT --to-destination

    but it doesn't, any idea why?
  4. Engineer

    Engineer Network Guru Member

    Add this along with the PREROUTING one (above).

    iptables -I FORWARD -d -j ACCEPT

    Edit: Actually, I used a -I instead of -A on the PREROUTING line when I telnetted into my router and tried it. -A adds it on to the end.

    Since the iptables are for different tables (FORWARD and nat), it should not matter which order you enter them into your startup.
  5. prophead

    prophead Addicted to LI Member

    already there

    iptables -I FORWARD -d -j ACCEPT was already in place, as was
    iptables -t nat -I POSTROUTING -d -j MASQUERADE
  6. Engineer

    Engineer Network Guru Member

    I didn't use the POSTROUTING command, just the two above (again, used -I instead of -A on the iptables nat command). For kicks, I set -d to the yahoo.com IP and tried it.

    Worked fine.
  7. prophead

    prophead Addicted to LI Member

    problem solved

    Thanks, I solved the problem. I needed another static route on the hosts.

    I now have Tomato doing pass-through IP accounting at wire speed for $60US (plus 35 hours of googling), I'm very happy.

    I learned tons about iptables in the process. Not easy to set up, but once it's set up it freaking rocks, so thank you community.
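
The rule set discussed in this thread, as an added example that is not from any of the posters: it shows which address each chain matches once DNAT is in place. The function names and both addresses (constructed placeholders from the documentation ranges) are assumptions; the script only prints the commands and never runs iptables itself.

```shell
#!/bin/sh
# Added example, not from the thread. 192.0.2.10 and 198.51.100.20 are
# constructed placeholder addresses from the documentation ranges.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules that send traffic addressed to ORIG to NEW instead.
# Usage: dnat_redirect_rules ORIG NEW [masq][,local]
dnat_redirect_rules() {
    orig=$1; new=$2; opts=${3:-}
    if ! valid_ipv4 "$orig" || ! valid_ipv4 "$new"; then
        echo "dnat_redirect_rules: bad IPv4 address" >&2
        return 1
    fi
    # nat/PREROUTING sees forwarded packets before the routing decision,
    # so the destination is rewritten here. -I inserts at the top of the chain.
    echo "iptables -t nat -I PREROUTING -d $orig -j DNAT --to-destination $new"
    # filter/FORWARD runs after DNAT, so it matches the NEW address.
    echo "iptables -I FORWARD -d $new -j ACCEPT"
    case "$opts" in *masq*)
        # Source-NAT to the router so NEW replies through it.
        echo "iptables -t nat -I POSTROUTING -d $new -j MASQUERADE" ;;
    esac
    case "$opts" in *local*)
        # Packets generated on the router itself skip PREROUTING; they
        # traverse nat/OUTPUT instead.
        echo "iptables -t nat -I OUTPUT -d $orig -j DNAT --to-destination $new" ;;
    esac
    return 0
}

dnat_redirect_rules 192.0.2.10 198.51.100.20 masq,local
```

Review the printed commands, then pipe them to `sh` on the router to apply them.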

