[ale] iptables caching?

Robert L. Harris robert.l.harris at gmail.com
Thu Dec 4 13:10:27 EST 2008



  My "restart" function of the script does a flush before it reloads
all the rules.


JK wrote:
> Robert L. Harris wrote:
>>
>> I have the following rules in my iptables script:
>>
>> $IPTABLES -A Allow --proto tcp --destination-port 25 -j ACCEPT
>> $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 25 -j DNAT --to 10.1.1.34:25
>>
>> $IPTABLES -A Allow --proto tcp --destination-port 80 -j ACCEPT
>> $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 80 -j DNAT --to 10.1.1.32:80
>>
>> I had a typo originally that sent dport 80 to 10.1.1.32:25 which
>> I fixed.  I have verified there are no other rules for port 80
>> but it is still sending anything that hits port 80 to
>> 10.1.1.32:25.  The first 2 rules are working fine though.
>>
>> any ideas?
>
>
> The "-A" means "*A*ppend this rule to the end of the chain", where
> it will be looked at *last*.  So unless you flush (iptables -F
> <chain>) and then re-establish all the rules in the chain, the old
> rule will take precedence.  If you want to put a rule at the
> *front* of the chain, use "-I", not "-A".
>
> -- JK
>

-- 

:wq!
====================================================================
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS             With Dreams To Be A King,
       ALONE.  I speak for              First One Should Be A Man
       no-one else.                       - Manowar
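
The pattern both posts describe, as an added example that is not code from the original thread: a reload that flushes the chains it owns before appending, plus a check that spots a stale DNAT rule sitting ahead of a corrected one. It assumes a user-defined filter chain named Allow and reuses the interface variable and DNAT targets quoted above; the eth0 default for IFACE is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes a user-defined
# filter chain "Allow" and the DNAT targets quoted in the thread; IFACE
# defaults to the placeholder eth0.
IPTABLES="${IPTABLES:-iptables}"
IFACE="${IFACE:-eth0}"

# Reload the rule set. The flush runs first so that a rule appended by an
# earlier (buggy) run cannot sit ahead of the corrected one: within a chain
# the first matching rule wins, and "-A" always appends to the end.
load_rules() {
    # Create the chain if it is missing; -N fails harmlessly when it exists.
    $IPTABLES -N Allow 2>/dev/null || true
    # Flush only the chains this script owns. A bare "-F" would also drop
    # rules that other tools placed in the filter table.
    $IPTABLES -F Allow
    $IPTABLES -t nat -F PREROUTING

    $IPTABLES -A Allow --proto tcp --destination-port 25 -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -p tcp -i "$IFACE" --dport 25 -j DNAT --to 10.1.1.34:25

    $IPTABLES -A Allow --proto tcp --destination-port 80 -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -p tcp -i "$IFACE" --dport 80 -j DNAT --to 10.1.1.32:80
}

# Read rules in "iptables -t nat -S PREROUTING" form on stdin and print every
# destination port that has more than one DNAT rule. Only the first such rule
# ever matches, so any extra one is either dead or shadowing the intended
# target (exactly the symptom in the thread).
find_shadowed_dnat() {
    awk '/-j DNAT/ {
            port = ""
            for (i = 1; i <= NF; i++) if ($i == "--dport") port = $(i + 1)
            if (port != "") count[port]++
         }
         END { for (p in count) if (count[p] > 1) print p }' | sort -n
}

# Constructed sample listing reproducing the situation in the thread: a stale
# port-80 rule pointing at :25 still sits ahead of the corrected one.
SAMPLE_LISTING='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.32:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.1.1.34:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.32:80'

case "${1:-}" in
    restart) load_rules ;;
    check)   $IPTABLES -t nat -S PREROUTING | find_shadowed_dnat ;;
    demo)    printf '%s\n' "$SAMPLE_LISTING" | find_shadowed_dnat ;;
esac
```

Run it as `sh firewall.sh restart` (as root) to reload, `sh firewall.sh check` to scan the live nat PREROUTING chain for a port with competing DNAT rules, and `sh firewall.sh demo` to see the check flag port 80 on the constructed sample. Setting `IPTABLES=echo` turns the reload into a dry run that just prints the commands, which is how the ordering can be reviewed before touching a live box. Where a rule genuinely must take effect ahead of existing ones without a flush, JK's `-I` is the tool, but the flush-then-append reload keeps the script idempotent.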
