> > I made this rule for port forwarding:
> >
> > (1) iptables -t nat -I PREROUTING -i $ext_if -p tcp --dport $port -j DNAT --to $local_ip:$local_port
> >
> > But a client connection from outside on that specified service port
> > couldn't be established. iptables -vL shows me that not a single packet has
> > hit that rule and therefore didn't pass through the FORWARD chain, which
> > of course has to be set to ACCEPT by default or, in my case when DROP is
> > default, another rule like
> >
> > (2) iptables -I FORWARD -i $ext_if -o $int_if -p tcp --dport $port -j ACCEPT
> >
> > Does anyone have any advice?

Have you tried adding an SNAT rule?

(3) iptables -t nat -I POSTROUTING -o $int_if -p tcp --dport $port -j SNAT --to-source $ext_ip

works pretty well for me.

Regards,
Erik
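
Added example, not part of the original messages: a dry-run shell helper that prints rules (1) to (3) from the thread for one forwarded TCP port, so they can be reviewed before being loaded. DNAT in PREROUTING rewrites the destination before the FORWARD and POSTROUTING chains are evaluated, so the example matches the translated address and $local_port there. The function names and the sample interfaces and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not execute, the
# DNAT / FORWARD / SNAT rules for one forwarded TCP port.

# valid_port N: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# portfwd_rules EXT_IF INT_IF EXT_IP PORT LOCAL_IP LOCAL_PORT
# Hypothetical helper; argument names follow the variables used in the thread.
portfwd_rules() {
    [ "$#" -eq 6 ] || {
        echo "usage: portfwd_rules EXT_IF INT_IF EXT_IP PORT LOCAL_IP LOCAL_PORT" >&2
        return 2
    }
    ext_if=$1 int_if=$2 ext_ip=$3 port=$4 local_ip=$5 local_port=$6
    valid_port "$port" && valid_port "$local_port" || {
        echo "ports must be integers in 1..65535" >&2
        return 2
    }

    # (1) nat/PREROUTING still sees the original destination port.
    echo "iptables -t nat -I PREROUTING -i $ext_if -p tcp --dport $port -j DNAT --to-destination $local_ip:$local_port"

    # (2) filter/FORWARD runs after DNAT, so it sees the internal
    #     address and port; needed when the FORWARD policy is DROP.
    echo "iptables -I FORWARD -i $ext_if -o $int_if -p tcp -d $local_ip --dport $local_port -j ACCEPT"

    # (3) nat/POSTROUTING: rewrite the source as in rule (3) of the reply,
    #     so the internal host sends its answers back through this gateway.
    echo "iptables -t nat -I POSTROUTING -o $int_if -p tcp -d $local_ip --dport $local_port -j SNAT --to-source $ext_ip"
}

# Constructed sample: external port 8080 forwarded to 192.168.1.20:80.
portfwd_rules eth0 eth1 203.0.113.10 8080 192.168.1.20 80
```

After loading the rules, the packet counters in `iptables -t nat -vL` and `iptables -vL FORWARD` show whether each rule is being hit.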

