On Wednesday 01 February 2006 11:32 am, anoop aryal wrote: > On Wednesday 01 February 2006 01:18 am, Edward Shornock wrote: > > On Thu, Feb 02, 2006 at 07:11:07AM +0800, Jon Miller wrote: > > > I'm having a major problem trying to forward packets from either a > > > workstation of the LAn to the Internet. I want to be sure I'm doing > > > this correctly. > > > > > > I set a forward rule: > > > $IPT -A FORWARD -i $INT_IFACE -o eth1 -p tcp --dport 1262 -j ACCEPT > > > > > > Then I set a PREROUTING rule > > > $IPT -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT > > > --to-destination 192.168.xxx.xxx > > > > > > All I can see using tethereal on the network is SYN packets. > > > > > > Any idea what I'm doing wrong? > > > > try > > $IPT -t nat -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT > > --to-destination 192.168.xxx.xxx > > > > The forward rule looks OK. > > if it's *from* the LAN *to* the internet, shouldn't it be: > > if you have a static outside IP > $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j DNAT > --to-source $EXT_IP
woops, make that: $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j SNAT --to-source $EXT_IP > or, if your outside IP is dhcp assigned > $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j MASQUERADE > > -anoop. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
