Okay, so I'm rather new at the whole iptables
thing and have run into a roadblock in getting it to redirect traffic to an
inside machine. The machine that I have iptables running on is also
functioning as a gateway and VPN. The gateway works fine. The VPN
works fine. The redirection of outside IPs does not. I was
wondering if it has something to do with the fact that the IPs I was trying to
use are virtual, but I've read that that doesn't matter. And yes, I have
read the HOWTO quite a few times before bugging y'all. Also ip_forward is
set to 1 to enable this to happen. Following is my configuration, which
happens to be just the latest incarnation of a lot of different
combinations:

*nat
:PREROUTING ACCEPT [640:64616]
:POSTROUTING ACCEPT [192:9862]
:OUTPUT ACCEPT [66:4152]
-A PREROUTING -d 67.112.114.xxx -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.77.xxx
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue May 28 22:46:33 2002
# Generated by iptables-save v1.2.5 on Tue May 28 22:46:33 2002
*mangle
:PREROUTING ACCEPT [13512:2397711]
:INPUT ACCEPT [8743:614224]
:FORWARD ACCEPT [4559:1760428]
:OUTPUT ACCEPT [6375:628610]
:POSTROUTING ACCEPT [10849:2382506]
COMMIT
# Completed on Tue May 28 22:46:33 2002
# Generated by iptables-save v1.2.5 on Tue May 28 22:46:33 2002
*filter
:INPUT ACCEPT [3417:229546]
:FORWARD ACCEPT [2344:1487351]
:OUTPUT ACCEPT [6277:619218]
-A INPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p ah -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT

I can ping the IPs on the gateway fine, so I know
that they're working. I can access the machine running as the webserver on
the intranet fine through its local address. I just can't get the IPs to
redirect to the machine inside. After literally losing a lot of
sleep trying to get it running, I thought I'd ask the pros what I'm doing
wrong.
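
A dump like the one in the post can be checked mechanically before guessing at rules. The following is an added example, not part of the original post: a small parser for iptables-save text (one directive per line) that pairs each DNAT rule with the filter FORWARD policy and rules its rewritten packets must pass. The function names and the sample addresses are assumptions made for illustration.

```python
import shlex

# Constructed sample modelled on the dump in the post; the addresses are
# documentation-range placeholders, not the poster's redacted values.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.77.10
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into {table: {"policy": {}, "rules": []}}.
    Simplified: option negation ("!") is not interpreted."""
    tables, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # table header, e.g. *nat
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur is not None:  # :CHAIN POLICY [pkts:bytes]
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A ") and cur is not None:
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-")}
            cur["rules"].append({"chain": tok[1], "opts": opts})
    return tables

def dnat_report(tables):
    """Pair every DNAT rule with the FORWARD policy and rules in the filter table."""
    filt = tables.get("filter", {"policy": {}, "rules": []})
    policy = filt["policy"].get("FORWARD")
    fwd = [r["opts"] for r in filt["rules"] if r["chain"] == "FORWARD"]
    out = []
    for o in (r["opts"] for r in tables.get("nat", {"rules": []})["rules"]):
        if o.get("-j") == "DNAT":
            out.append({"public": o.get("-d"), "dport": o.get("--dport"),
                        "in_iface": o.get("-i"), "target": o.get("--to-destination"),
                        "forward_policy": policy, "forward_rules": fwd,
                        "needs_forward_rule": policy == "DROP"})
    return out
```

With a FORWARD policy of ACCEPT, as in the dump above, `needs_forward_rule` is false, so the filter table is not what stops the redirected packets.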