[gentoo-user] Change in iptables syntax fails to load rule

[gentoo-user] Change in iptables syntax fails to load rule

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 768 bytes --]

Hi All,

A few months ago I got some errors about the match option in some iptables 
rules that I was running at the time.  I modified these to remove match and 
add conntrack and all went well.


Now I am trying to run this:

/sbin/iptables -t nat -A OUTPUT -v -p tcp --dport 1935 -j REDIRECT

but it fails to load and it does not give me any particularly informative 
message:

# /sbin/iptables -t nat -A OUTPUT -v -p tcp --dport 1935 -j REDIRECT
REDIRECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:1935

# /sbin/iptables -L -v -n | grep 1935
#

Any idea how I should rewrite this rule?  I was using it to redirect the 
output to rtmpsrv to capture the address of a rtmpe stream, but now it does 
not work.
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Change in iptables syntax fails to load rule

[Pandu Poluan]

[-- Attachment #1: Type: text/plain, Size: 1070 bytes --]

On Mar 30, 2013 2:54 AM, "Mick" <michaelkintzios@gmail.com> wrote:
>
> Hi All,
>
> A few months ago I got some errors about the match option in some iptables
> rules that I was running at the time.  I modified these to remove match
and
> add conntrack and all went well.
>
>
> Now I am trying to run this:
>
> /sbin/iptables -t nat -A OUTPUT -v -p tcp --dport 1935 -j REDIRECT
>
> but it fails to load and it does not give me any particularly informative
> message:
>
> # /sbin/iptables -t nat -A OUTPUT -v -p tcp --dport 1935 -j REDIRECT
> REDIRECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:1935
>
> # /sbin/iptables -L -v -n | grep 1935
> #
>
> Any idea how I should rewrite this rule?  I was using it to redirect the
> output to rtmpsrv to capture the address of a rtmpe stream, but now it
does
> not work.
> --
> Regards,
> Mick

IIRC, iptables -L by default only dumps the "filter" table.

Just use iptables-save and pipe the result through less (more info there;
you can ensure that the rule gets inserted to the proper table and chain).

Rgds,
--

[-- Attachment #2: Type: text/html, Size: 1476 bytes --]

Re: [gentoo-user] Change in iptables syntax fails to load rule

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 1497 bytes --]

On Friday 29 Mar 2013 20:36:40 Pandu Poluan wrote:
> On Mar 30, 2013 2:54 AM, "Mick" <michaelkintzios@gmail.com> wrote:
> > Hi All,
> > 
> > A few months ago I got some errors about the match option in some
> > iptables rules that I was running at the time.  I modified these to
> > remove match
> 
> and
> 
> > add conntrack and all went well.
> > 
> > 
> > Now I am trying to run this:
> > 
> > /sbin/iptables -t nat -A OUTPUT -v -p tcp --dport 1935 -j REDIRECT
> > 
> > but it fails to load and it does not give me any particularly informative
> > message:
> > 
> > # /sbin/iptables -t nat -A OUTPUT -v -p tcp --dport 1935 -j REDIRECT
> > REDIRECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:1935
> > 
> > # /sbin/iptables -L -v -n | grep 1935
> > #
> > 
> > Any idea how I should rewrite this rule?  I was using it to redirect the
> > output to rtmpsrv to capture the address of a rtmpe stream, but now it
> > does not work.
> > --
> > Regards,
> > Mick
> 
> IIRC, iptables -L by default only dumps the "filter" table.
> 
> Just use iptables-save and pipe the result through less (more info there;
> you can ensure that the rule gets inserted to the proper table and chain).

Hmm... the rule is saved, but searching for the port number does not bring up 
anything, hence I assumed that it is not accepted.

Isn't a port number in this case '1935' interpreted as a search string on the 
shell?  Quotes don't work.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]