In iptables, what is the difference between targets DNAT and REDIRECT?
6,088
According to netfilter documentation, redirection is a specialized case of destination NAT. REDIRECT is equivalent to doing DNAT to the incoming interface.
Linux 2.4 NAT HOWTO -- Destination NAT
So it means the first and second strings are equivalent.
-A PREROUTING -i $INT -p $PROTO --dport $PORT -j REDIRECT --to-ports $NEWPORT
-A PREROUTING -i $INT -p $PROTO --dport $PORT -j DNAT --to-destination :$NEWPORT
The string:
-A PREROUTING -i $INT -p $PROTO --dport $PORT -j DNAT --to-destination $IP_OF_INT:$NEWPORT
does the same job only if $IP_OF_INT - is the IP address on the incoming interface (IP of $INT).
Related videos on Youtube
09 : 50
NAT - SNAT, DNAT, PAT & Port Forwarding
![IPTABLES [PART-1] : "UNDERSTANDING THE CONCEPT"](https://i.ytimg.com/vi/vbhr4csDeI4/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBovKYd5heeT0eQFP4enqBJ_GCa1Q)
07 : 53
IPTABLES [PART-1] : "UNDERSTANDING THE CONCEPT"
34 : 05
iptables Demystified - Port Redirection and Forwarding HTTP Traffic to another machine (part 1)
07 : 15
Port forwarding with DNAT and Iptables
01 : 35
In iptables, what is the difference between targets DNAT and REDIRECT?
Author by
Clare
Updated on September 18, 2022Comments
-
Clare almost 2 years
More specifically, is
-A PREROUTING -i $INT -p $PROTO --dport $PORT -j REDIRECT --to-ports $NEWPORTequivalent to one or both of these?
-A PREROUTING -i $INT -p $PROTO --dport $PORT -j DNAT --to-destination :$NEWPORT -A PREROUTING -i $INT -p $PROTO --dport $PORT -j DNAT --to-destination $IP_OF_INT:$NEWPORT -
Clare almost 10 yearsThat link is very helpful, thank you. Just so that I can be 100% sure for future reference, could you please quote the strings that you mean when you say 'first and second'?
-
Clare almost 10 yearsAwesome, thanks! Your edits really cleared things up for me, I feel significantly more sure of what I'm doing now.