>I use a Linux machine to masquerade a Windows machine to the internet.  The
>Linux machine has a static IP address and the Windows box is DHCP from the
>Linux box using private 192.168 IP range.
>
>I needed to be able to allow internet users thru my firewall to access a
>specific port on the Windows machine, so I created a rule:
>
>iptables -t nat -A PREROUTING -p tcp --dport 5520 -j DNAT --to 192.168.0.1:5520
>
The matter is: you do not give the rule a destination IP address, so the rule
fits all traffic whose destination port is 5520. The right one should be:

iptables -t nat -A PREROUTING -p tcp -d $YourOutSideIP --dport ........

>And everything worked as expected, until I tried to use the Windows machine
>to access another
>internet machine by entering www.someip.org/5520 in my Windows browser, I
>get an error
>message that the site cannot be reached.  However, the Linux machine can
>reach the same
>address fine.
>
>So I searched the NAT documentation looking for answers.  I think I need an
>OUTPUT rule or a
>POSTROUTE rule but I am not sure which one I need.  From what I read I would
>think I need an
>OUTPUT rule since the docs talk about internal network workings.
>
>I would like to know why it's not working and how I should go about fixing
>it.  Thanks.
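An added example, not part of the original messages: a small Python model of the PREROUTING match that shows why the rule without `-d` also rewrites the Windows machine's own outbound connection to port 5520, while the rule with `-d` only rewrites traffic addressed to the firewall. The addresses 203.0.113.10 and 198.51.100.7 are constructed placeholders, and the tail of the corrected rule (elided in the reply) is assumed to be the same as the original rule.

```python
import shlex
from dataclasses import dataclass, replace
from typing import Optional

OUTSIDE_IP = "203.0.113.10"   # constructed stand-in for $YourOutSideIP
REMOTE_IP = "198.51.100.7"    # constructed stand-in for the remote site
UNSCOPED = "iptables -t nat -A PREROUTING -p tcp --dport 5520 -j DNAT --to 192.168.0.1:5520"
# Assumption: the elided tail of the corrected rule is the same as the original rule.
SCOPED = UNSCOPED.replace("-p tcp", f"-p tcp -d {OUTSIDE_IP}")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class DnatRule:
    proto: str
    dport: int
    to_ip: str
    to_port: int
    dst: Optional[str] = None  # None: -d omitted, any destination matches

def parse_rule(cmd: str) -> DnatRule:
    """Parse only the iptables options that appear in the thread's rule."""
    args = shlex.split(cmd)
    opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
    if opts.get("-A") != "PREROUTING" or opts.get("-j") != "DNAT":
        raise ValueError("only PREROUTING DNAT rules are modelled")
    to_ip, to_port = opts["--to"].rsplit(":", 1)
    return DnatRule(opts["-p"], int(opts["--dport"]), to_ip, int(to_port), opts.get("-d"))

def prerouting(rule: DnatRule, pkt: Packet) -> Packet:
    """Return the packet as it leaves PREROUTING, rewritten if the rule matches."""
    if pkt.proto != rule.proto or pkt.dport != rule.dport:
        return pkt
    if rule.dst is not None and pkt.dst != rule.dst:
        return pkt
    return replace(pkt, dst=rule.to_ip, dport=rule.to_port)

if __name__ == "__main__":
    inbound = Packet(REMOTE_IP, OUTSIDE_IP, 5520)      # internet user -> firewall
    outbound = Packet("192.168.0.1", REMOTE_IP, 5520)  # Windows box -> remote site
    for name, cmd in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        rule = parse_rule(cmd)
        for label, pkt in (("inbound", inbound), ("outbound", outbound)):
            print(f"{name:9} {label:9} {pkt.dst}:{pkt.dport} -> "
                  f"{prerouting(rule, pkt).dst}:{prerouting(rule, pkt).dport}")
```

Connections made by the Linux machine itself are locally generated and pass through the nat OUTPUT chain rather than PREROUTING, which is consistent with the Linux machine reaching the same address without trouble.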