iptables v1.4.21: Couldn't load match `-d':No such file or directory


Hi, I have a host system with 2 interfaces, eth0 and eth1. eth0 will receive packets with IPs of 127.3.x.x. I want to forward these packets out of eth1 to a server (10.0.1). eth1 has the IP 192.168.0.100. The server needs to see the packets as if they are coming from the host (192.168.0.100). I think I can remove the -m flag, but when I do, I get this error: iptables v1.4.21: multiple -d flags not allowed

In order to accomplish this, you would use the following iptables rules:

    iptables -t nat -A PREROUTING -d 127.3.0.2/24 -p udp --dport 69 -j DNAT --to-destination 10.0.0.1
    iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.100

But you should replace 127.3.0.2/24 with either a single IP (i.e. 127.3.0.2) or a valid CIDR range (e.g. 127.3.0.0/24). 127.3.0.2/24 is not a valid CIDR range as a /24 would cover 127.3.0.0-127.3.0.254. This would also redirect any traffic to any IP in that range to port 69 on 10.0.0.1.

Also, since port 69 is TFTP, I feel obliged to mention: if you are trying to use this for PXE booting or another DHCP-based solution, there is a strong likelihood it will not work, as most vendors have trouble traversing subnets using PXE.
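The following POSIX shell script is an added example; it is not part of the answer above or the asker's post. It builds the DNAT and SNAT rules the answer describes, but first checks the destination the way the answer recommends: a single host (127.3.0.2) or a network whose host bits are zero (127.3.0.0/24) is accepted, while 127.3.0.2/24 is rejected. It prints the rules instead of applying them, so they can be reviewed before running. Assumed values are taken from the question (eth1 at 192.168.0.100, server 10.0.0.1, UDP port 69); the subnet 127.3.0.0/24 is the answer's corrected form. Two additions beyond the answer, both standard iptables practice: the SNAT rule is narrowed to the forwarded flow rather than everything leaving eth1, and a FORWARD rule is emitted because the forward chain must accept the rewritten packets (forwarding between interfaces also needs net.ipv4.ip_forward=1).

```shell
#!/bin/sh
# Added example, not code from the original answer or the asker.
# Generates the DNAT + SNAT rules and refuses destinations such as
# 127.3.0.2/24 whose host bits are not zero. Rules are printed, not applied.

# Convert a dotted quad to a 32-bit integer; fail on anything malformed.
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Accept "a.b.c.d" (a single host) or "a.b.c.d/n" with all host bits zero,
# so 127.3.0.2 and 127.3.0.0/24 pass while 127.3.0.2/24 is rejected.
valid_cidr() {
  addr=${1%/*}
  prefix=${1#*/}
  [ "$prefix" = "$1" ] && prefix=32
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  n=$(ip_to_int "$addr") || return 1
  if [ "$prefix" -eq 0 ]; then
    mask=0
  else
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
  fi
  # Any set bit outside the mask is a host bit, which must be zero.
  [ $(( n & ~mask & 0xFFFFFFFF )) -eq 0 ]
}

# Print the rules for one forwarded service.
# $1 destination match  $2 protocol  $3 port  $4 real server
# $5 outbound interface $6 SNAT source (the host's address on $5)
nat_rules() {
  valid_cidr "$1" || { echo "nat_rules: bad destination '$1'" >&2; return 1; }
  valid_cidr "$4" || { echo "nat_rules: bad server '$4'" >&2; return 1; }
  # Rewrite the destination before routing, as in the answer.
  printf 'iptables -t nat -A PREROUTING -d %s -p %s --dport %s -j DNAT --to-destination %s\n' \
    "$1" "$2" "$3" "$4"
  # FORWARD sees the already-rewritten destination; allow only this flow.
  printf 'iptables -A FORWARD -o %s -d %s -p %s --dport %s -j ACCEPT\n' \
    "$5" "$4" "$2" "$3"
  # SNAT only the forwarded flow, not everything leaving the interface.
  printf 'iptables -t nat -A POSTROUTING -o %s -d %s -p %s --dport %s -j SNAT --to-source %s\n' \
    "$5" "$4" "$2" "$3" "$6"
}

# Values from the question (assumed): 127.3.x.x arriving, server 10.0.0.1,
# eth1 at 192.168.0.100. Forwarding also needs: sysctl -w net.ipv4.ip_forward=1
nat_rules 127.3.0.0/24 udp 69 10.0.0.1 eth1 192.168.0.100
```

Run it, inspect the three printed lines, then paste them into a root shell or an iptables-restore file; the host-bit check means a typo like 127.3.0.2/24 is caught before it silently matches the whole /24.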


Author: mark

Updated on September 18, 2022

Comments

  • mark
    mark over 1 year

    I am running kernel 3.14.18 and using iptables 1.4.21, built with these options: --static-enable --disable-shared. When I run this command: /sbin/iptables -A PREROUTING -m -d 127.3.0.2/24 -j DNAT --to-destination 10.0.0.1 -p udp -dport 69 I get this error message: iptables v1.4.21: Couldn't load match `-d':No such file or directory

    Can anyone help explain what I am missing? Thank you in advance.

    • Michael Hampton
      Michael Hampton about 9 years
      Yes, that's a pretty obvious typo. Exactly what is this supposed to do? Where did you find this command?
    • Brian
      Brian about 9 years
      -m needs something to match (one of what is listed by cat /proc/net/ip_tables_matches).
    • mark
      mark about 9 years
      Hi, I have a host system with 2 interfaces, eth0 and eth1. eth0 will receive packets with IPs of 127.3.x.x. I want to forward these packets out of eth1 to a server (10.0.1). eth1 has the IP 192.168.0.100. The server needs to see the packets as if they are coming from the host (192.168.0.100). I think I can remove the -m flag, but when I do, I get this error: iptables v1.4.21: multiple -d flags not allowed
    • user2751502
      user2751502 about 9 years
      --dport, not -dport
  • wolfico
    wolfico about 9 years
    @mark I have just revised my answer (there was a typo)