/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
"Jamin W. Collins" wrote: > On Sun, 2002-02-03 at 14:25, Eric Persson wrote: > > I've finally got my firewall up and running, I have also placed some > > servers on the inside, and managed to forward some traffic to them. > > The problem is that if I browse to www.egp.cx, that domain will resolve > > to 213.212.20.73. But I cannot get to that domain from inside the > > firewall. Shouldnt it go to the firewall and then back? Can this be > > fixed? > > You'll need to institute DNAT rules that specify anything from the > inside going to your external IP be rerouted (DNAT'd) to the appropriate > internal IP address. > > Jamin W. Collins I tried this, but I must do something wrong. I tried the uncommented lines with no luck, any hints? $IPTABLES -A FORWARD -i $EXTIF -p tcp -d 213.212.20.73 -o $INTIF --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i $EXTIF -p tcp -d 192.168.0.60 -o $INTIF --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #$IPTABLES -A FORWARD -i $INTIF -p tcp -d 213.212.20.73 -o $INTIF --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -t nat -A PREROUTING -d 213.212.20.73 -p tcp --dport 80 -j DNAT --to 192.168.0.60:80 #$IPTABLES -t nat -A PREROUTING -d 192.168.0.60 -p tcp --dport 80 -j DNAT --to 192.168.0.60:80 -- [ eric persson | [EMAIL PROTECTED] | www.persson.tm ] _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
