/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
At last I've figured it what is missing! Take a look: > Hello! > I have problems with port forwarding using IPTABLES. > I know that such a problem was already discussed, but the solution I've ready > is not clear (at least for me) and does not work on my machine. > I'm using RedHat 7.1 with kernel 2.4.13 and iptables 1.2.4. > I'm trying to redirect ports 25 and 80, but get connection timed out. > I've removed all my previous rules from iptables and implemented the basic > script (taken from the howto). Here is part of it: > > echo " clearing any existing rules and setting default policy.." > $IPTABLES -P INPUT ACCEPT > $IPTABLES -F INPUT > $IPTABLES -P OUTPUT ACCEPT > $IPTABLES -F OUTPUT > $IPTABLES -P FORWARD DROP > $IPTABLES -F FORWARD > $IPTABLES -t nat -F > echo "Enabling PORTFW Redirection on the external LAN.." > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 25 -m state \ > --state NEW,ESTABLISHED,RELATED -j ACCEPT > $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 25 \ > -j DNAT --to 192.168.1.4:25 > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \ > --state NEW,ESTABLISHED,RELATED -j ACCEPT > $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 \ > -j DNAT --to 192.168.1.4:80 > Missing line is: $IPTABLES -A POSTROUTING -t nat -d $PORTFWIP -o $INTIF -j SNAT --to $INTIP > echo " FWD: Allow all connections OUT and only existing and related ones > IN" > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED > -j ACCEPT > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT > $IPTABLES -A FORWARD -j LOG > > Even when I change policy for the FORWARD chain to ACCEPT (just to try), I'm > not successful again. > Can you please advise how to resolve the problem. > Regards, > Geo. > > _______________________________________________ > Masq maillist - [EMAIL PROTECTED] > Admin requests can be handled at http://www.indyramp.com/masq-list/ -- > THIS INCLUDES UNSUBSCRIBING! > or email to [EMAIL PROTECTED] > > PLEASE read the HOWTO and search the archives before posting. > You can start your search at http://www.indyramp.com/masq/ > Please keep general linux/unix/pc/internet questions off the list. _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
