-----Here my NAT is working ---------------------------------------------------------------------------- -------------------------------- #POSTROUTING iptables -t FILTER -N POSTROUTING # You add the next line for logs results #iptables -t FILTER -A POSTROUTING -j LOG
iptables -t NAT -A POSTROUTING -o eth0 -s localhost -j MASQUERADE iptables -X -t nat #PREROUTING iptables -t FILTER -N PREROUTING iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to ip_target ---------------------------------------------------------------------------- -------------------------------- Have Fun ! ----- Original Message ----- From: "Caveman" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, July 08, 2004 2:13 PM Subject: NAT iptables routing issue > Hi all, > > I have a slight problem I am not sure how to get around. > Firstly let me draw you a picture. I have computer 'A' which is directly > connected to the internet and is the ONLY computer to have a internet IP. > It routes (via nat ) traffic from clients on the lan to the internet etc. > > Now on box 'B' I have a webserver running and I have forwarded (using > prerouting) port 80 to box 'B''s LOCAL IP. This works fine for people outside > my network (IE, the internet) but I cant access the webserve by using the > internet IP from the lan, its never been a big issue, but i have finally > decided that I need to work out how to fix this. > > Any ideas ? The below code is my NAT and prerouting stuff i have setup. I know > that the postrouting rule i have now is whats causing the issue, but I am > unsure as to how I should get around this. > > > Thanks. > > Caveman > > ----------------------------------- > #NOTE eth0 is connected to the internet, eth1 is lan. > # flush any old rules > $IPTABLES -F -t nat > # turn on POSTROUTING > $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE > #forward port 80 from INTERNET IP connections to 192.168.0.2 port 80 > $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to > 10.1.1.2:80 > ------------------------------------------------------------ > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
