I am running kernel 3.14.18 and using iptables 1.4.21, built with these options: --static-enable --disable-shared.
When I run this command:
/sbin/iptables -A PREROUTING -m -d 127.3.0.2/24 -j DNAT --to-destination 10.0.0.1 -p udp -dport 69
I get this error message:
iptables v1.4.21: Couldn't load match `-d':No such file or directory
Can anyone help explain what I am missing?
Thank you in advance.
Best Answer
In order to accomplish this, you would use the following iptables rules:
iptables -t nat -A PREROUTING -d 127.3.0.2/24 -p udp --dport 69 -j DNAT --to-destination 10.0.0.1
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.100
But you should replace 127.3.0.2/24 with either a single IP (i.e. 127.3.0.2) or a valid CIDR range (e.g. 127.3.0.0/24). 127.3.0.2/24 is not a valid CIDR range as a /24 would cover 127.3.0.0-127.3.0.254. This would also redirect any traffic to any IP in that range to port 69 on 10.0.0.1.
Also, since port 69 is TFTP, I feel obliged to mention--if you are trying to use this for a PXE booting or other DHCP-based solution there is a strong likelihood it will not work as most vendors have trouble traversing subnets using PXE.
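The CIDR point in the answer above, as an added shell example that is not part of the original post: the hypothetical helpers `normalize_cidr` and `dnat_rule` mask a `-d` argument down to its network address, report when host bits were set, and print (without running) the resulting PREROUTING rule. It assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example; ip_to_int, int_to_ip, normalize_cidr and dnat_rule are hypothetical helpers.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    ip_n=0
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        ip_n=$(( (ip_n << 8) | octet ))
    done
    echo "$ip_n"
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# normalize_cidr ADDR[/LEN] -> prints NETWORK/LEN.
# Returns 0 if ADDR was already the network address, 2 if host bits were set, 1 if malformed.
normalize_cidr() {
    nc_addr=${1%%/*}
    case $1 in */*) nc_len=${1#*/} ;; *) nc_len=32 ;; esac
    case $nc_len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$nc_len" -le 32 ] || return 1
    nc_int=$(ip_to_int "$nc_addr") || return 1
    nc_mask=0
    [ "$nc_len" -eq 0 ] || nc_mask=$(( (4294967295 << (32 - nc_len)) & 4294967295 ))
    nc_net=$(( nc_int & nc_mask ))
    echo "$(int_to_ip "$nc_net")/$nc_len"
    [ "$nc_net" -eq "$nc_int" ] || return 2
}

# dnat_rule DEST PROTO DPORT TARGET -> prints the rule; it does not run iptables.
# PROTO, DPORT and TARGET are passed through unchecked.
dnat_rule() {
    dr_rc=0
    dr_net=$(normalize_cidr "$1") || dr_rc=$?
    [ "$dr_rc" -ne 1 ] || { echo "bad destination: $1" >&2; return 1; }
    [ "$dr_rc" -eq 0 ] || echo "note: $1 has host bits set; rule matches all" \
        "$(( 1 << (32 - ${dr_net#*/}) )) addresses in $dr_net" >&2
    echo "iptables -t nat -A PREROUTING -d $dr_net -p $2 --dport $3 -j DNAT --to-destination $4"
}

# Destination, protocol, port and target taken from the question.
dnat_rule 127.3.0.2/24 udp 69 10.0.0.1
```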