On Tue, Feb 26, 2002 at 03:37:05PM -0600, Ted Fines wrote: > Hi all, ...
> [root@dormsfw root]# iptables -L --line-numbers -t nat > Chain PREROUTING (policy ACCEPT) > num target prot opt source destination > 1 DNAT tcp -- 141.140.200.5 anywhere tcp > dpt:http to:141.140.1.18 > 2 DNAT udp -- 141.140.200.5 anywhere udp > dpt:http to:141.140.1.18 > > Chain POSTROUTING (policy ACCEPT) > num target prot opt source destination > This PREROUTING ruleset sends all tcp/udp traffic from 141.140.200.5 to ... 141.140.1.18 - whatever the original destination of the packet may have been. If this was your intention, you need to have a proxy server set up on ...18. You probably wanted to set up a POSTROUTING rule to SNAT these packets to your public IP. If you do have a proxy server, you will need a SNAT rule to change the outbound packets from the proxy server to the internet to have a valid source IP. Darrell
