Friends! Long time no hear!!! Please help!
I can't seem to make dnat work. Here is my current setup:
router - firewall - web server
I don't want to allow the internet to directly connect to the web server. This is what my current iptables for nat looks like:
202.138.128.xxx = router-given public ip
192.168.247.3 = firewall local ip that corresponds to 202.138.128.xxx
192.168.247.5 = web server local ip
iptables -t nat -A PREROUTING -p tcp -d 192.168.247.3 --dport 80 -j DNAT --to-destination 192.168.247.5:80
You say that you don't want hosts on the "internet" to directly access your webserver, but in your iptables rule you have "-d 192.168.247.3". Hosts on the internet cannot access this IP (192.168.247.3), thus it will never match the rule and never get DNAT'ed.
Try "-d <liveip>" instead.
-- Philippine Linux Users' Group (PLUG) Mailing List
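
One way to check whether the PREROUTING rule discussed in this thread is ever matched, as an added example that is not part of the original messages: it reads the per-rule packet counters printed by `iptables -t nat -L PREROUTING -v -n -x`. The listing embedded below is constructed sample output (including the port 443 rule, which is not in the thread), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list DNAT rules in nat/PREROUTING that no packet has matched.
# On the firewall, the real input would come from:
#   iptables -t nat -L PREROUTING -v -n -x

# Constructed sample listing (not captured from the poster's firewall).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 120 packets, 7200 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.247.3        tcp dpt:80 to:192.168.247.5:80
      42     2520 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.247.3        tcp dpt:443 to:192.168.247.5:443
EOF
}

# Read a listing on stdin and print "matched-dst:port -> new-dst:port"
# for every DNAT rule whose packet counter is still 0.
unmatched_dnat() {
    awk '$3 == "DNAT" && $1 == 0 {
        dpt = ""; to = ""
        # Columns 1-9 are fixed; match extensions and the target follow.
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if ($i ~ /^to:/)  to  = substr($i, 4)
        }
        printf "%s:%s -> %s\n", $9, dpt, to
    }'
}

# Stand-alone run against the constructed sample.
sample_listing | unmatched_dnat
```

If a rule's counter stays at 0 while a test request is made from outside, the `-d` address in the rule is not the destination address the packets carry when they reach the firewall; `tcpdump -n` on the firewall's outside interface shows the address they actually arrive with.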
