Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
AW: [suse-security] Re: Masquerading unter Kernel 2.4
  • From: "OKDesign oHG Security Administrator" <security@xxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 21:12:59 +0100
  • Message-id: <>
As some people already mentioned, the protocol need to be specified. Simply
add "-p tcp" f.ex. before the -d and it works.


-----Ursprüngliche Nachricht-----
Von: James Bliss [mailto:bliss@xxxxxxxxx]
Gesendet: Mittwoch, 9. Januar 2002 16:41
An: OKDesign oHG Security Administrator; Bjoern Engels
Cc: suse-security@xxxxxxxx
Betreff: Re: [suse-security] Re: Masquerading unter Kernel 2.4

This looks like it would work for my problem as well. But, when I try to
use this command
I get a message that --dport is incorrect. When I look at iptables --help
there is no entry
for --dport. (I also added the -p tcp as indicated necessary in a
subsequent email

Thanks for any help.


01/09/02 07:02:32 AM, Bjoern Engels <bengels@xxxxxxxxxxx> wrote:

>On Wednesday, 9. January 2002 13:53, OKDesign oHG Security Administrator
>>> "iptables -t nat -A PREROUTING -i <ext_IF_of_firewall> -d
>>> <ip_of_firewall> --dport <desired_port> -j DNAT --to-destination <ip_of
>>> internal_machine>"
>> Thank you for your hint, but the command-line you told doesn't work. The
>> system keeps complaining (unknowg arg --dport). I also tried out the long
>> version --destination-port with the same result. I looked at the manpage
>> and found that iptables should know this argument, so there seems to be a
>> syntax error.
>> Anyone has an idea what is wrong and how the correct syntax is ?
>The protocol is missing. No [TCP|UDP], no ports.
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >