Looks like you need some forward rules in there too.

----- Original Message -----
From: "Ola Hansson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 27, 2002 5:41 PM
Subject: Port forwarding - help needed

> I am on a Debian Woody system with a 2.4.17 kernel and I'm having trouble getting port forwarding to, well, forward...
>
> Please help me explain why the following short _test_ ruleset won't let me connect to my ssh and smtp servers on the LAN host (192.168.1.2)!
> (When I ssh to <my_inet_ip> I'm connected to the firewall itself instead of the host behind it)
>
> The external interface is eth0 and <my_inet_ip> is of course replaced by my real IP address :-)
>
> #!/bin/sh
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> /sbin/iptables -P INPUT ACCEPT
> /sbin/iptables -P OUTPUT ACCEPT
> /sbin/iptables -P FORWARD ACCEPT
>
> /sbin/iptables -t nat -A PREROUTING -p TCP -i eth0 -d <my_inet_ip> --dport 25 -j DNAT --to-destination 192.168.1.2
>
> /sbin/iptables -t nat -A PREROUTING -p TCP -i eth0 -d <my_inet_ip> --dport 22 -j DNAT --to-destination 192.168.1.2
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <my_inet_ip>
> # eof
>
> Related kernel config options:
>
> #
> # Networking options
> #
> CONFIG_PACKET=y
> # CONFIG_PACKET_MMAP is not set
> # CONFIG_NETLINK_DEV is not set
> CONFIG_NETFILTER=y
> # CONFIG_NETFILTER_DEBUG is not set
> # CONFIG_FILTER is not set
> CONFIG_UNIX=y
> CONFIG_INET=y
> # CONFIG_IP_MULTICAST is not set
> CONFIG_IP_ADVANCED_ROUTER=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_FWMARK=y
> CONFIG_IP_ROUTE_NAT=y
> CONFIG_IP_ROUTE_MULTIPATH=y
> CONFIG_IP_ROUTE_TOS=y
> CONFIG_IP_ROUTE_VERBOSE=y
> CONFIG_IP_ROUTE_LARGE_TABLES=y
> # CONFIG_IP_PNP is not set
> # CONFIG_NET_IPIP is not set
> # CONFIG_NET_IPGRE is not set
> CONFIG_SYN_COOKIES=y
>
> #
> # IP: Netfilter Configuration
> #
> CONFIG_IP_NF_CONNTRACK=y
> CONFIG_IP_NF_FTP=y
> CONFIG_IP_NF_IRC=y
> CONFIG_IP_NF_IPTABLES=y
> CONFIG_IP_NF_MATCH_LIMIT=y
> CONFIG_IP_NF_MATCH_MAC=y
> CONFIG_IP_NF_MATCH_MARK=y
> CONFIG_IP_NF_MATCH_MULTIPORT=y
> CONFIG_IP_NF_MATCH_TOS=y
> CONFIG_IP_NF_MATCH_LENGTH=y
> CONFIG_IP_NF_MATCH_TTL=y
> CONFIG_IP_NF_MATCH_TCPMSS=y
> CONFIG_IP_NF_MATCH_STATE=y
> CONFIG_IP_NF_FILTER=y
> CONFIG_IP_NF_TARGET_REJECT=y
> CONFIG_IP_NF_NAT=y
> CONFIG_IP_NF_NAT_NEEDED=y
> CONFIG_IP_NF_TARGET_MASQUERADE=y
> CONFIG_IP_NF_TARGET_REDIRECT=y
> CONFIG_IP_NF_NAT_IRC=y
> CONFIG_IP_NF_NAT_FTP=y
> CONFIG_IP_NF_MANGLE=y
> CONFIG_IP_NF_TARGET_TOS=y
> CONFIG_IP_NF_TARGET_MARK=y
> CONFIG_IP_NF_TARGET_LOG=y
> CONFIG_IP_NF_TARGET_TCPMSS=y
>
> #
> #
> #
> # CONFIG_IPX is not set
> # CONFIG_ATALK is not set
> # CONFIG_DECNET is not set
> # CONFIG_BRIDGE is not set
>
> TIA
>
> --Ola
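
A port-forwarding ruleset with explicit forward rules of the kind the reply mentions, as an added example that is not part of either message. It assumes a default-drop FORWARD chain (the posted test ruleset uses ACCEPT), a LAN interface named eth1, and the placeholder address 203.0.113.10 in place of <my_inet_ip>; it only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the thread). Prints a DNAT ruleset with explicit
# FORWARD rules; review the output, then pipe it to sh as root to apply.
EXT_IF=${EXT_IF:-eth0}            # external interface, as in the post
LAN_IF=${LAN_IF:-eth1}            # assumption: LAN interface name
EXT_IP=${EXT_IP:-203.0.113.10}    # placeholder for <my_inet_ip>
LAN_HOST=${LAN_HOST:-192.168.1.2} # LAN host, as in the post
IPT=${IPT:-/sbin/iptables}

# forward_rules PORT... : emit rules forwarding each TCP port to LAN_HOST.
forward_rules() {
    [ "$#" -gt 0 ] || { echo "usage: forward_rules PORT..." >&2; return 1; }
    # Validate every port first so a bad argument yields no partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Assumption: default-drop FORWARD instead of the post's ACCEPT policy.
    echo "$IPT -P FORWARD DROP"
    # Replies and related traffic for connections already tracked.
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF -d $EXT_IP --dport $port -j DNAT --to-destination $LAN_HOST"
        # FORWARD runs after DNAT, so it matches the rewritten destination.
        echo "$IPT -A FORWARD -p tcp -i $EXT_IF -o $LAN_IF -d $LAN_HOST --dport $port -m state --state NEW -j ACCEPT"
    done
    # Assumption: LAN hosts may open outbound connections, SNATed as in the post.
    echo "$IPT -A FORWARD -i $LAN_IF -o $EXT_IF -m state --state NEW -j ACCEPT"
    echo "$IPT -t nat -A POSTROUTING -o $EXT_IF -j SNAT --to-source $EXT_IP"
}

# Run as a script: sh forward.sh 22 25
if [ "$#" -gt 0 ]; then forward_rules "$@"; fi
```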