It lookes like your having connection trackin issuse, make shure ip_conntrack is loaded as a mod or compieled in.
Lookes like this thread should just be moved to "Debian Firewall - LIST" <[email protected]> and off of the other lists. --- Pradeeper <[EMAIL PROTECTED]> wrote: > Hello Peter and Daniel > > On Mon, 2004-08-09 at 20:26, deb list wrote: > > iptables -t nat -A PREROUTING -i eth0 -d 203.94.71.36 \ > > -j DNAT --to-destination 192.168.1.4 > > > > > > iptables -t filter -A FORWARD -d 203.94.71.36 ... -j ACCEPT > > and after the DNAT, the destination is re-written to 192.168.1.4 > > so it would need to be.. > > iptables -t filter -A FORWARD -i eth0 -d 192.168.1.4 -j ACCEPT > Non of these worked :-o > Nothing wrong in your rules though. According to my ISP, I have to put a > route entry in my internet router (IBM 2210) to listen to "203.94.71.36" > ip. > To verify this, I put a prerouting rule to nat 192.168.1.4 to my > firewall's ip. Rule is like this, > > iptables -t nat -A PREROUTING -i eth0 -d 203.94.71.42 -j DNAT > --to-destination 192.168.1.4 > > And a post routing like, > > iptables -t nat -A POSTROUTING -s 192.168.1.4 -o eth0 -j SNAT > --to-source 203.94.71.45 > > And it worked :-) > > I don't want to play with my internet router (since it will effect to my > whole network). Is there anyway of doing this? > Or is this the only way I can do? > > Thanks for the help! > > Pradeeper > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > __________________________________ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail
