Hello Peter and Daniel On Mon, 2004-08-09 at 20:26, deb list wrote: > iptables -t nat -A PREROUTING -i eth0 -d 203.94.71.36 \ > -j DNAT --to-destination 192.168.1.4 > > > > iptables -t filter -A FORWARD -d 203.94.71.36 ... -j ACCEPT > and after the DNAT, the destination is re-written to 192.168.1.4 > so it would need to be.. > iptables -t filter -A FORWARD -i eth0 -d 192.168.1.4 -j ACCEPT Non of these worked :-o Nothing wrong in your rules though. According to my ISP, I have to put a route entry in my internet router (IBM 2210) to listen to "203.94.71.36" ip. To verify this, I put a prerouting rule to nat 192.168.1.4 to my firewall's ip. Rule is like this,
iptables -t nat -A PREROUTING -i eth0 -d 203.94.71.42 -j DNAT --to-destination 192.168.1.4 And a post routing like, iptables -t nat -A POSTROUTING -s 192.168.1.4 -o eth0 -j SNAT --to-source 203.94.71.45 And it worked :-) I don't want to play with my internet router (since it will effect to my whole network). Is there anyway of doing this? Or is this the only way I can do? Thanks for the help! Pradeeper
