On Wednesday 10 July 2002 3:51 pm, Mark Ayad wrote:

> Nice try but no luck
>
> $IPTABLES -t nat -A POSTROUTING -o $INTIF -i $INTIF -j
>
> can't use -i in POSTROUTING

Yup. Tom just pointed that out to me :-)

> So I tried
>
> $IPTABLES -t nat -A POSTROUTING -o $INTIF 192.168.0.0/24 -j MASQUERADE
>
> No luck there although this time the rule is correct.

You should have a "-s" in there before the address?

Anyway, I realised that your DNAT rule was specifying the input interface (which presumably is your external interface), so it won't do anything for packets coming in the other (internal) interface.

You need to change the DNAT rule so it specifies the target address instead:

$IPTABLES -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 80 -j DNAT --to 192.168.0.3

where a.b.c.d is the ext IP of the firewall.

Antony.
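
Added example, not part of the original message: the two rules discussed in this thread put together as one NAT-loopback ("hairpin") rule pair, printed as a dry run. EXTIP (a documentation address standing in for a.b.c.d), INTIF=eth1 and the function name hairpin_rules are assumptions; 192.168.0.3 and 192.168.0.0/24 come from the thread.

```shell
#!/bin/sh
# Added example: NAT-loopback ("hairpin") rule pair for the setup in this thread.
# Constructed values: EXTIP stands in for a.b.c.d, INTIF=eth1 is assumed.
IPTABLES="${IPTABLES:-echo iptables}"   # dry run by default: prints the rules
INTIF="${INTIF:-eth1}"                  # internal (LAN-facing) interface
EXTIP="${EXTIP:-203.0.113.10}"          # external IP of the firewall
LAN="192.168.0.0/24"
WEB="192.168.0.3"

hairpin_rules() {
    # 1. Match on the destination address, not the input interface, so the
    #    rule fires for packets arriving from the Internet and from the LAN.
    $IPTABLES -t nat -A PREROUTING -d "$EXTIP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB:80"

    # 2. LAN clients that reach the server through the firewall must be
    #    source-NATed; otherwise the server answers them directly and the
    #    client discards the reply because it comes from WEB, not EXTIP.
    #    POSTROUTING accepts -o but not -i, and the source needs -s.
    #    Scoped to the DNATed flow so other LAN traffic keeps its source
    #    address (the web server's logs still show the firewall's IP for
    #    hairpinned clients).
    $IPTABLES -t nat -A POSTROUTING -o "$INTIF" -s "$LAN" -d "$WEB" \
        -p tcp --dport 80 -j MASQUERADE
}

hairpin_rules
```

Setting IPTABLES to the real iptables binary and running as root applies the rules instead of printing them.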
