On Tue, Jun 05, 2001 at 08:09:41AM -0500, David Talbot wrote:
> #THIS IS THE PROBLEM LINE
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
> #THIS IS THE PROBLEM LINE

I tried this on my 2.4.5 box, and it works just fine -- as long as the
--to <address> isn't the same box I'm attempting to connect from.

IOW, as long as the webserver isn't on the same box I'm attempting to
browse outside the firewall with.

When I tried to DNAT to the same box I was running lynx on, I just got
a timeout. When I switched to DNAT to a different box, all requests
went there properly.

-- 
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.enfusion-group.com] up 28 days, 22:07, 2 users