Make sure you have rules in your FORWARD chain to allow the now forwarded
traffic to reach the internal machines.
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of Patrick Nelson
Sent: Monday, July 23, 2001 10:43 PM
To: 'Derek Tam'
Cc: netfilter@lists.samba.org
Subject: RE: Port forwarding
Make sure the destination server has it's gateway set to the system running
the iptables dnat rules.
netfilter-admin@lists.samba.org wrote:
-----------------------------------
Hi,
I have installed RH 7.1 and ran the following iptables
command to forward request to another server.
However, it doesn't work. Can anybody tell me why?
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s
$STATIC_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s
$STATIC_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s
$LAN_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s
$LAN_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s
192.168.0.0/16 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s
0.0.0.0/8 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s
172.16.0.0/12 -j DROP
where $STATIC_IP is the internet ip address.
Thanks,
Derek
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
traffic to reach the internal machines.
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of Patrick Nelson
Sent: Monday, July 23, 2001 10:43 PM
To: 'Derek Tam'
Cc: netfilter@lists.samba.org
Subject: RE: Port forwarding
Make sure the destination server has it's gateway set to the system running
the iptables dnat rules.
netfilter-admin@lists.samba.org wrote:
-----------------------------------
Hi,
I have installed RH 7.1 and ran the following iptables
command to forward request to another server.
However, it doesn't work. Can anybody tell me why?
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s
$STATIC_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s
$STATIC_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s
$LAN_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s
$LAN_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s
192.168.0.0/16 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s
0.0.0.0/8 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s
172.16.0.0/12 -j DROP
where $STATIC_IP is the internet ip address.
Thanks,
Derek
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/