Netfilter

3.3 Destination address translation

• Destination address translation done first:
  • either in the OUTPUT chain if the packet was created locally

  • either in the PREROUTING chain for incoming packets

• Examples:
  • # Change destination addresses to 5.6.7.8
    iptables -t nat -A PREROUTING -i eth1 -j DNAT --to 5.6.7.8

  • # Change destination addresses of web traffic to 5.6.7.8, port 8080.
    iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 5.6.7.8:8080

  • # Send incoming port-80 web traffic to our squid (transparent) proxy
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

• Connexions created by local processes are not redirected.

Netfilter

® © Hervé Schauer Consultants 2000 - 4 bis, rue de la gare - 92300 Levallois-Perret
Phone : +33 141 409 700 - Fax : +33 141 409 709 - Email : <secretariat@hsc.fr>