Hi,

 

I have been dealing with NAT for the last 3 years, but I have never tried SNAT/DNAT.

 

Now I do have to. I’m working on a new setup for our network and I need some help here.

 

This is our setup:

 

        200.200.200.200/29 (internet)
                  |
        Linux Box running RH 7.1
                  |
        192.168.0.0/24 (Internal network)
                  |
                switch
                  |---- DNS/SMTP/HTTP/POP Servers
                  |---- All the other machines on internal LAN

 

I don’t know if this is clear to you all, but this is what I need:

 

I do have an internal server that is our main server, and we want it to be behind the firewall using restricted addresses.

We are using SNAT/DNAT to translate ports 25, 110, 80, 443 and 53 (UDP and TCP) to the internal IP of the server.

Some problems are occurring:

 

DNS is not being translated correctly, and therefore a lot is being dropped because SMTP is refusing to send emails (obviously), etc…

 

Does anyone have a few rules that can be used to do this and that can be shared with us?

 

This would be really nice.

 

Thanks in advance.

 

Roberto Campos

_______________________________________________________________

Meu  Provedor Tecnologias e Informatica ltda.

Rua Camerino, 128 Gr. 302 - Centro

Rio de Janeiro - RJ - CEP 20080-010

Tel.: 21 - 25181011     Fax: 21 - 25181911
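
An added example, not part of the original message: a dry-run generator for an iptables ruleset matching the layout and port list described above (DNAT inbound to the server, SNAT outbound, stateful FORWARD so replies such as DNS answers are let back in). The interface name eth0 and the server address 192.168.0.10 are assumptions; the public address and LAN range are taken from the diagram.

```shell
#!/bin/sh
# Added example: prints the rules by default; pass --apply (as root) to load them.
EXT_IF="eth0"             # assumption: internet-facing interface
EXT_IP="200.200.200.200"  # public address shown in the post's diagram
LAN_NET="192.168.0.0/24"  # internal network shown in the post
SRV_IP="192.168.0.10"     # assumption: internal address of the main server

# Services the post lists: SMTP, POP3, HTTP, HTTPS, and DNS over both TCP and UDP.
SERVICES="tcp:25 tcp:110 tcp:80 tcp:443 tcp:53 udp:53"

gen_rules() {
    # The box must route between the two networks.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"

    # Default-deny forwarding, then allow traffic belonging to known connections.
    # Without this rule the replies to DNATed requests are dropped on the way out.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Internal hosts (the server included) may open connections to the internet.
    echo "iptables -A FORWARD -s $LAN_NET -o $EXT_IF -m state --state NEW -j ACCEPT"

    for spec in $SERVICES; do
        proto=${spec%%:*}
        port=${spec##*:}
        # Inbound: rewrite the destination before routing...
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p $proto --dport $port -j DNAT --to-destination $SRV_IP:$port"
        # ...and admit only these new connections to the server, nothing else.
        echo "iptables -A FORWARD -i $EXT_IF -d $SRV_IP -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done

    # Outbound: everything leaving the LAN carries the public source address, so
    # the server's own DNS lookups and SMTP deliveries get routable replies.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $EXT_IP"
}

case "${1:-}" in
    --apply) gen_rules | sh ;;
    *)       gen_rules ;;
esac
```

Review the printed rules and check the hit counters with `iptables -t nat -L -n -v` after loading; a DNAT rule whose counter stays at zero for UDP 53 points at a missing or mismatched rule rather than at the DNS server.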

 
