George Vieira was once rumoured to have said:

> Hi all,
>
> I have everything working sweet with IPtables but what I've noticed is that
> the firewall itself can't ping/connect to the internal/NATed webservers...
>
> Outside and Inside clients are routed / translated back and forth OK but
> the firewall can't connect..
>
> From my little diagram, I can only see that it can only be done at the
> OUTPUT(nat) chain and the PREROUTING(nat) chain on the internal nic
> interface
>
> Does this sound right to people.. I don't want to knock my webserver
> down.....
>
> iptables -A OUTPUT -t nat -d 203.x.x.x -j DNAT --to 192.168.1.1:80
> iptables -A PREROUTING -t nat -s 192.168.1.1:80 -i eth0 -j SNAT --to 203.x.x.x
Uh, this is much bogosity. If you're trying to let external hosts connect to
192.168.1.1:80 by communicating to 203.x.x.x, you want:

    iptables -t nat -A PREROUTING -p tcp -d 203.x.x.x --dport 80 -j DNAT --to-destination 192.168.1.1

The reverse rule is NOT necessary as NAT replies are dynamically handled in
iptables, even for static translations.

C.

--
Crossfire | This email was brought to you
[EMAIL PROTECTED] | on 100% Recycled Electrons

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
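As an added illustration (written for this page, not code from either poster), a small Python model of connection tracking that shows why the single PREROUTING DNAT rule in the reply is enough for external clients, and why a connection the firewall originates itself (George's symptom) never reaches that rule: locally generated packets traverse the nat OUTPUT hook, not PREROUTING. All addresses and ports are constructed placeholders.

```python
from dataclasses import dataclass, replace

PUBLIC = "203.0.113.10"   # constructed stand-in for the thread's 203.x.x.x
WEB = "192.168.1.1"       # the internal web server from the thread
CLIENT = "198.51.100.7"   # constructed external client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# nat-table rules per hook: (match dst, dport) -> (new dst, dport).
# Only the forward DNAT rule from the reply is configured; no reverse SNAT rule.
NAT_RULES = {"PREROUTING": [((PUBLIC, 80), (WEB, 80))], "OUTPUT": []}

class ConnTracker:
    """Minimal conntrack: remembers each DNATed flow so its replies are un-translated."""
    def __init__(self):
        self.reply_map = {}   # reply 4-tuple -> (addr, port) to restore as the reply's source

    def nat(self, p, hook):
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.reply_map:                 # reply of a tracked flow: undo the DNAT
            src, sport = self.reply_map[key]
            return replace(p, src=src, sport=sport)
        for (mdst, mport), (ndst, nport) in NAT_RULES[hook]:   # new flow: consult rules
            if (p.dst, p.dport) == (mdst, mport):
                out = replace(p, dst=ndst, dport=nport)
                # remember how the server's reply must be rewritten on the way back
                self.reply_map[(out.dst, out.dport, out.src, out.sport)] = (p.dst, p.dport)
                return out
        return p                                  # no rule matched: packet unchanged

def external_client_flow():
    """External host -> 203.x.x.x:80 hits PREROUTING; the server's reply is fixed by conntrack."""
    ct = ConnTracker()
    req = ct.nat(Packet(CLIENT, 40000, PUBLIC, 80), "PREROUTING")
    reply = ct.nat(Packet(WEB, 80, CLIENT, 40000), "PREROUTING")
    return req, reply

def firewall_self_flow():
    """A packet the firewall generates itself traverses OUTPUT, where no DNAT rule exists."""
    ct = ConnTracker()
    return ct.nat(Packet(PUBLIC, 40001, PUBLIC, 80), "OUTPUT")
```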
