I am having problems getting iptables with DNAT working. I have searched the Forum and found others having the same problem with no answer. Everything I have found says that what I am doing is correct. REDIRECT and DNAT both show packets going through the chain, but the packets are not being changed. I want to get DNAT or RAWDNAT working; I only used REDIRECT to see if I could get anything changed. Has anybody been able to get DNAT or RAWDNAT working? If so, please let me know what you did.
REDIRECT
iptables -t nat -A PREROUTING -i eth0 -d 192.168.0.255 -p udp --dport 9890 -j REDIRECT --to-port 9098
iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8 2816 REDIRECT udp -- eth0 any anywhere Broadcast.Gig.CTL udp dpt:9890 redir ports 9098
tcpdump -n -p -i any port 9890
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
14:42:42.623534 IP 192.168.0.198.50988 > 192.168.0.255.9890: UDP, length 324
14:42:45.130341 IP 192.168.0.198.60625 > 192.168.0.255.9890: UDP, length 324
DNAT
iptables -t nat -A PREROUTING -i eth0 -d 192.168.0.255 -p udp --dport 9890 -j DNAT --to 127.0.0.1:9890
iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 1 packets, 271 bytes)
pkts bytes target prot opt in out source destination
7 2464 DNAT udp -- eth0 any anywhere Broadcast.Gig.CTL udp dpt:9890 to:127.0.0.1:9890
tcpdump -n -p -i any port 9890
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
14:45:30.587383 IP 192.168.0.198.56084 > 192.168.0.255.9890: UDP, length 324
14:45:33.094140 IP 192.168.0.198.57197 > 192.168.0.255.9890: UDP, length 324
Also tried --to-destination and adding :9890.
RAWDNAT
iptables -t raw -A PREROUTING -i eth0 -d 192.168.0.255 -p udp --dport 9890 -j RAWDNAT --to-destination 127.0.0.1
iptables: No chain/target/match by that name.
RAWDNAT is part of xtables, which is installed. I did get TEE working, so iptables can get targets from xtables.
Thank you.
Dave W