iptables unknown option "--to-destination"

[SchattenMann]

Hey all.

I'm just getting started with proxmox v9 and been fighting for a while with port redirection.

iptable manual says I should use -d or --destination



but I get this


or


this makes no sense to me.

it tells me I *must* use --to-destination but when I do use it it says it's an unknown option?

 

[shanreich]

I think you have to remove the dport setting, since for DNAT you set it in to-destination.

 

[SchattenMann]

Pretty sure it's needed but tried without it just in case with same results

 

[shanreich]

Yeah, dport is needed, sorry for my mistake! Just tried it on my machine and, curiously, it doesn't work either. As a workaround, you could instead try to use nftables for nat [1], which should work. Seems like this is an issue with iptables-legacy - I'll check further.

[1] https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)

 

[SchattenMann]

tks, at least it means I'm not alone!

I did look at nftables but TBH I feel like a fish out of water...

 

[shanreich]

Seems like the order is important, this works for me:

iptables -t nat -A PREROUTING -i <iface> -p tcp -m tcp -j DNAT --dport 1337 --to-destination 192.0.2.1:1337

 

[SchattenMann]

I can confirm this works, brilliant!

thanks

PS: people doing an inplace upgrade from v8 to v9 will have some fun times...