Because 202.138.128.xxx is already on the router. It's something like this...

router - firewall - web server
[202.138.128.xxx -> 192.168.247.3] - [192.168.247.3 -> 192.168.247.5] - web server

So the router does the first NAT from 202.138.128.xxx to 192.168.247.3 and I need to perform the 2nd NAT from 192.168.247.3 to 192.168.247.5.

"-d <liveip>" still doesn't work. Maybe because there is still a 1st routing?

fritz
<www.mesedilla.com>
---
+ As long as it's You, Lord

> -----Original Message-----
> From: Mark M. Barrios [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 08, 2003 4:49 PM
> To: Philippine Linux Users Group Mailing List
> Subject: Re: [plug] iptables
>
>
> Fritz Mesedilla wrote:
> > Friends! Long time no hear!!!
> > Please help!
> >
> > I can't seem to make dnat work.
> > Here is my current setup:
> >
> > router - firewall - web server
> >
> > I don't want to allow the internet to directly connect to the web server.
> > This is what my current iptables for nat look like:
> >
> > 202.138.128.xxx = router-given public ip
> > 192.168.247.3 = firewall local ip that corresponds to 202.138.128.xxx
> > 192.168.247.5 = web server local ip
> >
> > iptables -t nat -A PREROUTING -p tcp -d 192.168.247.3 --dport 80 -j DNAT --to-destination 192.168.247.5:80
>
> you say that you don't want hosts on the "internet" to directly access
> your webserver, but in your iptables rule you have "-d 192.168.247.3"
> hosts on the internet cannot access this ip (192.168.247.3) thus it will
> never match the rule and never get DNAT'ed.
>
> try "-d <liveip>" instead
>
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
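The packet path described in this message, modelled as an added example that is not part of the original thread: it traces which destination address the firewall's PREROUTING rule sees once the router has already translated the public address. It assumes the router rewrites the destination exactly as the message states; the client address 198.51.100.7 and the function names are constructed for illustration.

```python
# Constructed model of the double-NAT path; not code from the thread.
LIVE_IP = "202.138.128.xxx"  # public IP; last octet is elided on the page, kept as-is
FW_IP = "192.168.247.3"      # firewall local IP
WEB_IP = "192.168.247.5"     # web server local IP


def dnat(packet, rules):
    """Apply the first matching DNAT rule, like a nat PREROUTING chain.

    Returns (packet_after, matched). A rule matches on protocol,
    destination address and destination port, mirroring
    `-p tcp -d <addr> --dport <port> -j DNAT --to-destination <ip>:<port>`.
    """
    for rule in rules:
        if (packet["proto"] == rule["proto"]
                and packet["dst"] == rule["match_dst"]
                and packet["dport"] == rule["dport"]):
            rewritten = dict(packet, dst=rule["to_ip"], dport=rule["to_port"])
            return rewritten, True
    return packet, False


def trace(firewall_match_dst):
    """Send one HTTP packet from the internet through router, then firewall.

    firewall_match_dst is the address used after `-d` in the firewall rule.
    Returns (dst seen by firewall, firewall rule matched?, final dst).
    """
    # Constructed inbound packet from a documentation-range client address.
    pkt = {"proto": "tcp", "src": "198.51.100.7", "dst": LIVE_IP, "dport": 80}

    # Hop 1 (assumption from the message): router maps the public IP to the firewall.
    router_rules = [{"proto": "tcp", "match_dst": LIVE_IP, "dport": 80,
                     "to_ip": FW_IP, "to_port": 80}]
    pkt, _ = dnat(pkt, router_rules)
    seen_by_firewall = pkt["dst"]

    # Hop 2: the firewall's own PREROUTING rule.
    firewall_rules = [{"proto": "tcp", "match_dst": firewall_match_dst,
                       "dport": 80, "to_ip": WEB_IP, "to_port": 80}]
    pkt, matched = dnat(pkt, firewall_rules)
    return seen_by_firewall, matched, pkt["dst"]


if __name__ == "__main__":
    for label, match in (("-d 192.168.247.3", FW_IP), ("-d <liveip>", LIVE_IP)):
        print(label, "->", trace(match))
```

On the firewall itself, the packet counters in `iptables -t nat -L PREROUTING -n -v` show whether the rule is actually being hit.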
