I have a firewall between 192.168.255.0 and 172.16.255.0, both /24. 192.168.255.0 gets DNAT'd to a proxy server at 172.16.255.5:8080. I want this to continue; however, I have a web server 172.16.255.50 that I want a direct connection to for testing. I've tried this statement, but iptables keeps erroring when I try to add it:
iptables -I PREROUTING -i eth1 -d \! 172.16.255.50 -p tcp --dport 80 -j DNAT --to-destination 172.16.255.5:8080
Thanks!!
Best Answer
There are 2 issues here:

1. You're missing -t nat, so it's trying to add to the PREROUTING chain in the filter table, which doesn't exist.
2. The ! has to go before the -d.

Working solution:
Alternatively, another way of doing things like this is to put a rule in before that one which matches the exception traffic and does nothing with it. Iptables stops once it hits the first matching rule, so it never gets to the later rule.
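Both approaches from the answer above, written out as a small POSIX shell script. This is an added example, not code from the question or the answer: the addresses and eth1 come from the question, while the IPT variable, the function names and the use of ACCEPT for the "does nothing" exception rule are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the question or the answer). Addresses and the
# eth1 interface come from the question; IPT, the function names and the
# use of ACCEPT for the exception rule are this example's own choices.
# Set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
IFACE=eth1
WEB_HOST=172.16.255.50
PROXY=172.16.255.5:8080

# Approach 1: one negated rule. PREROUTING lives in the nat table, so -t nat
# is required, and the "!" must precede the -d option it negates.
dnat_with_exception() {
    $IPT -t nat -I PREROUTING -i "$IFACE" ! -d "$WEB_HOST" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY"
}

# Approach 2: a plain DNAT rule plus an exception rule inserted above it.
# In the nat table ACCEPT only ends nat processing for that packet (the
# filter table still sees it), so traffic to the web server stays unmapped
# and never reaches the DNAT rule. Both are inserted at position 1, so the
# exception ends up first.
dnat_with_skip_rule() {
    $IPT -t nat -I PREROUTING -i "$IFACE" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY"
    $IPT -t nat -I PREROUTING -i "$IFACE" -d "$WEB_HOST" -p tcp --dport 80 \
        -j ACCEPT
}

# Show the resulting chain with rule numbers so the order can be checked.
show_chain() {
    $IPT -t nat -L PREROUTING -n -v --line-numbers
}

# Usage: sh dnat.sh exception|skip   (prefix with IPT=echo for a dry run)
case "${1:-}" in
    exception) dnat_with_exception && show_chain ;;
    skip)      dnat_with_skip_rule && show_chain ;;
esac
```

Run it with IPT=echo first to see the exact commands, then check the chain order with the listing it prints. Note that the nat PREROUTING chain is only consulted for the first packet of a connection, so a test connection opened before the change keeps its old mapping until it is closed.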