I have a situation I need some assistance with. I have clients that need to have traffic rerouted to a specific port on a remote server, and I would like to use iptables to redirect it for me.
Here is the config:
Clients use smtpout.secureserver.net for SMTP traffic. The server will accept SMTP traffic on port 80 or port 3535. The issue is that I am already redirecting traffic destined for port 80 outbound to a transparent proxy on port 8080. When the clients try to send email outbound, the connection times out.
What I would like to do is construct an iptables rule that redirects traffic destined to smtpout.secureserver.net:80 to smtpout.secureserver.net:3535.
Here is what I have so far, but it does not seem to work the way I expect:
-A PREROUTING -i eth1 -d 72.167.82.80/32 -p tcp --dport 80 -j DNAT --to-destination 72.167.82.80:3535
-A POSTROUTING -j MASQUERADE
Presuming you don't want to configure the client to use 3535, which seems to be the most logical course of action for this rather odd setup...
Your iptables command is missing the table portion, so you need to add "-t nat" at the beginning.
You're 'appending' ("-A") the rule to the existing prerouting chain; all prior existing rules will be executed first. If the transparent proxy rule is in there as well, it will be executed first and will deal with the traffic; your rule never matches/executes.
Try inserting it (-I) on top (first position) or adding it at a specific position (-I PREROUTING 5 for the 5th rule).
If this doesn't work I believe we do not have enough info; please consider looking (on the router's wan interface) where the traffic is actually going with tcpdump, and post your full ruleset.
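The rule-ordering point from the answer, as an added example that is not part of the original posts: a small check that reads an iptables-save style dump and reports which nat PREROUTING rule a packet reaches first. The transparent proxy rule text, both sample dumps and the function name first_nat_match are constructed for illustration, and the matcher compares only -p, -d and --dport.

```shell
#!/bin/sh
# Report the target of the first nat/PREROUTING rule that a TCP packet to
# DST:PORT would hit. Simplification (assumption): only -p, -d and --dport
# are compared; -i, -s and other matches are ignored.
first_nat_match() {   # usage: first_nat_match DST PORT < iptables-save dump
    awk -v dst="$1" -v port="$2" '
        /^\*/ { table = $1 }                    # "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
            d = ""; p = ""; proto = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d")      { d = $(i + 1); sub(/\/32$/, "", d) }
                if ($i == "--dport") p = $(i + 1)
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto != "" && proto != "tcp") next
            if (d != "" && d != dst) next
            if (p != "" && p != port) next
            print target; exit                  # first terminating match wins
        }'
}

# Constructed rules: PROXY stands in for the existing transparent proxy rule,
# SMTP is the DNAT rule from the question.
PROXY='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
SMTP='-A PREROUTING -i eth1 -d 72.167.82.80/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 72.167.82.80:3535'

# Constructed dumps: APPENDED is the state after "-A", INSERTED the state after
# "iptables -t nat -I PREROUTING 1 ..." has put the DNAT rule on top.
APPENDED=$(printf '%s\n' '*nat' "$PROXY" "$SMTP" '-A POSTROUTING -j MASQUERADE' COMMIT)
INSERTED=$(printf '%s\n' '*nat' "$SMTP" "$PROXY" '-A POSTROUTING -j MASQUERADE' COMMIT)

printf '%s\n' "$APPENDED" | first_nat_match 72.167.82.80 80   # REDIRECT
printf '%s\n' "$INSERTED" | first_nat_match 72.167.82.80 80   # DNAT
printf '%s\n' "$INSERTED" | first_nat_match 192.0.2.10 80     # REDIRECT
```

On a live router the same check can be fed from `iptables-save -t nat`; the third call shows that other port 80 traffic still reaches the proxy rule after the insert.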