
So, say for instance I have an iptables rule of this sort:

    iptables -t nat -I PREROUTING 1 -p udp --dport 1000 -j DNAT --to-destination 192.168.1.10:1010

Is there a way that I can, midway through the connection, based on say a u32 match or a string match, further redirect the incoming port's connection to another IP?

So in layman's terms: I have forwarded port 1000 to an internal IP and port, and upon transmission of a packet that meets certain criteria, "re-DNAT" that connection to another internal IP.

I would think that I could insert this rule beforehand and effectuate what I want, but it consistently just skips over the rule:

    iptables -t nat -I PREROUTING 1 -p udp --dport 1000 -m string --algo bm --string "stringtomatch" -j DNAT --to-destination 192.168.1.100:1010

Should it maybe be after... and should I change the port on the secondary rule to the changed port address?

pnuts
Chris
  • Not that proficient with this, but would say the second rule should be before the first one (to have a chance to override it). Did you try to use e.g. `LOG` to check the string matching part actually works? – vlp Nov 22 '15 at 14:38
  • Right, that's what the "insert this rule beforehand" implied: that it was inserted on top of the stack of iptables rules... it seems that once a connection is NAT-ed it's stuck... idk – Chris Nov 23 '15 at 16:56
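Added example, not code from the question or its comments: the two rules from the post written out in full iptables syntax (nat table, `--dport`, `--string`), plus a `LOG` rule in the mangle table, as vlp suggested, to confirm that the string matcher fires at all. The port, hosts and marker string are the ones in the post; the `DRY_RUN` switch, the function names and the `conntrack` check are my own assumptions.

```shell
#!/bin/sh
# Constructed example: DNAT on UDP/1000 with a string-matched override.
# Assumed values from the question: 192.168.1.10 (default) and
# 192.168.1.100 (override), both on port 1010, marker "stringtomatch".
# Run as root; set DRY_RUN=1 to print the commands instead of loading them.

PORT=1000
PRIMARY=192.168.1.10:1010
SECONDARY=192.168.1.100:1010
MARKER="stringtomatch"

ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

install_rules() {
    # Every packet traverses mangle PREROUTING, so a LOG rule here shows
    # whether the string match itself works. The nat table, by contrast,
    # is only consulted for the first packet of a flow; conntrack then
    # replays that NAT decision for the rest of the flow, so later packets
    # never reach a nat-table rule at all.
    ipt -t mangle -I PREROUTING 1 -p udp --dport "$PORT" \
        -m string --algo bm --string "$MARKER" \
        -j LOG --log-prefix "DNAT-MARKER: "
    # Specific (string-matched) rule first, general forward second.
    ipt -t nat -I PREROUTING 1 -p udp --dport "$PORT" \
        -m string --algo bm --string "$MARKER" \
        -j DNAT --to-destination "$SECONDARY"
    ipt -t nat -I PREROUTING 2 -p udp --dport "$PORT" \
        -j DNAT --to-destination "$PRIMARY"
}

# Show the mapping conntrack has already stored for the forwarded port;
# while that entry exists the flow keeps its original DNAT target.
show_mapping() {
    conntrack -L -p udp --dport "$PORT" 2>/dev/null
}

case "${1:-}" in
    install) install_rules ;;
    show)    show_mapping ;;
esac
```

Check the kernel log for the `DNAT-MARKER:` prefix while sending traffic; if the prefix appears but the second DNAT never takes effect, the match is fine and the existing conntrack entry is what keeps the flow on the first target.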

0 Answers