Web lists-archives.com

Re: Problem with port forwards for LXC Masqueraded Bridge, page outdated?




Le 05/08/2017 à 08:03, davidson@xxxxxxxxxxxx a écrit :
On Fri, 4 Aug 2017, jakob notland wrote:

Hello dear Debian support

This is not the Debian support. This is a user mailing list.

iptables -t nat -A PREROUTING -i eth0 -d $external_ip -m conntrack --ctstate NEW -j DNAT --to-destination 10.3.0.2 iptables -t nat -A PREROUTING -i lxc-nat-bridge -d $external_ip -m conntrack --ctstate NEW -j DNAT --to-destination 10.3.0.2 iptables -t nat -A OUTPUT -d $external_ip -m conntrack --ctstate NEW -j DNAT --to-destination 10.3.0.2

All the commands returns "Bad argument `conntrack'",

Is the variable $external_ip defined?

And does it contain a proper value ?

By the way, "-m conntrack --ctstate NEW" is totally useless in NAT rules and can be removed. The "nat" chains see only packets in the state NEW, so no need to check.