
Iptables: some commands missing?

Discussion in 'DD-WRT Firmware' started by tazthe, May 16, 2005.

  1. tazthe

    tazthe Network Guru Member

    Hi

    I was just trying to make an iptables rule to forward WAN port 222 to a LAN server which is listening on port 22.

    So I tried this:
    iptables -I FORWARD 8 -p tcp --dport 222 --to-destination 192.168.1.10:22 -j logaccept
    but the shell returns:
    Unknown arg `--to-destination'

    Then if I try this:

    iptables -I FORWARD 8 -p tcp --dport 222 -d 192.168.1.10:22 -j logaccept

    it returns: host/network `192.168.1.10:22' not found


    So are these parameters not implemented in the dd-wrt iptables version?

    Is there another solution to do this?

    Thanks
     
  2. scatman

    scatman Network Guru Member

    iptables is in full flavor in dd-wrt. The right solution would be:

    iptables -t nat -I PREROUTING -p tcp --dport 222 -j DNAT --to-destination 192.168.1.10:22
    iptables -t filter -I FORWARD -p tcp --dport 22 -j ACCEPT

    The --to-destination flag can only be used in the PREROUTING chain to change the destination address of a packet, and the packet has to go through the nat table in order to do that.
    Be sure to place the rules well before any common DROP rules that might drop your packet before it reaches your rules.
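
An added example, not part of the original posts: a small checker to run offline over saved `iptables-save` output. For each DNAT rule it reports the first FORWARD verdict that applies to the translated address and port, which catches a FORWARD rule written against the pre-NAT port (222) or placed after a DROP. The function names, the trailing `-A FORWARD -j DROP` line and the three sample rulesets are constructed, and the matcher is deliberately simplified, as its comments say.

```python
import shlex

VERDICTS = {"ACCEPT", "DROP", "REJECT"}
SIMPLE = {"-p", "-m", "-d", "--dport", "-j", "--reject-with"}

def parse_save(text):
    """Return {table: {chain: [rule tokens]}} from iptables-save output."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith("-A ") and table is not None:
            tok = shlex.split(line)
            table.setdefault(tok[1], []).append(tok[2:])
    return tables

def val(rule, flag, default=None):
    return rule[rule.index(flag) + 1] if flag in rule else default

def matches(rule, ip, port):
    """Simplified matcher: evaluates only -p, -d and --dport. Rules with negation
    or any other match (state, interface, ...) are skipped, not guessed at."""
    if "!" in rule or set(rule[::2]) - SIMPLE or val(rule, "-m", "tcp") != "tcp":
        return False
    return (val(rule, "-p", "tcp") == "tcp" and val(rule, "--dport", port) == port
            and val(rule, "-d", ip) in (ip, ip + "/32"))

def audit(text):
    """[(translated destination, first FORWARD verdict)] for every DNAT rule."""
    tables = parse_save(text)
    forward = tables.get("filter", {}).get("FORWARD", [])
    results = []
    for rule in tables.get("nat", {}).get("PREROUTING", []):
        dest = val(rule, "--to-destination")
        if val(rule, "-j") != "DNAT" or dest is None:
            continue
        ip, _, port = dest.partition(":")
        port = port or val(rule, "--dport")  # no port in target: port is unchanged
        verdict = next((val(r, "-j") for r in forward
                        if val(r, "-j") in VERDICTS and matches(r, ip, port)), "chain policy")
        results.append((dest, verdict))
    return results

# Constructed sample rulesets: the DNAT rule from the reply, three FORWARD variants.
NAT = ("*nat\n-A PREROUTING -p tcp -m tcp --dport 222 -j DNAT "
       "--to-destination 192.168.1.10:22\nCOMMIT\n*filter\n")
GOOD = NAT + "-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT\n-A FORWARD -j DROP\nCOMMIT\n"
PRE_NAT_PORT = NAT + "-A FORWARD -p tcp -m tcp --dport 222 -j ACCEPT\n-A FORWARD -j DROP\nCOMMIT\n"
AFTER_DROP = NAT + "-A FORWARD -j DROP\n-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT\nCOMMIT\n"
```

A result of "chain policy" means no evaluated rule decided the packet, so the FORWARD chain's default policy applies.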
     
