Article 4Z1JJ Iptables rule with hashlimit and NAT doesn't work

by kalicatzaros from LinuxQuestions.org on (#4Z1JJ)

Hello all,

I'm trying to create a PREROUTING rule in order to re-direct the traffic to another port based on hashlimit.

This works fine and redirects everything from port 53 to 1053.

Code:
iptables -I PREROUTING -t nat -p udp --src 0/0 --dport 53 -j DNAT --to-destination 10.0.2.4:1053

This one, using hashlimit, seems to work (burst needs some tuning, but it is still doing what it has to do):

Code:
iptables -I PREROUTING -t raw -p udp --dport 53 -m hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-above 100/second --hashlimit-burst 1 --hashlimit-name OL_Proc -j DROP

But the following doesn't work at all:

Code:
iptables -I PREROUTING -t nat -p udp --dport 53 -m hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-above 100/second --hashlimit-burst 1 --hashlimit-name OL_Proc -j DNAT --to-destination 10.0.2.4:1053

Am I doing something wrong here?

Any comment/idea is more than welcome, since I've been fighting with this for days.