On 9/25/07, Aleksander Kamenik <aleksander@xxxxxxxxxxxxxxx> wrote:
NOTED
Indunil Jayasooriya wrote:
>
> I have not added it to prerouting chain. I added just
> now. Forward, input and output chains have it.
PREROUTING must not have it. Only the three filter chains and only if
you use the state machine.
NOTED
> telnet 2.3.4.5 25
>
> It accepts. It works.
>
OK, so DNAT at the second firewall works already. I missed that.
> Now what I need is that I want to telnet to first firewall, then, it
> will forward to second firewall, second firewall will forward to actual
> mail server.
Yes I got that.
Anyway, it's hard to guess without seeing all the rules of the first
firewall. Do any other DNATs at the first firewall work already?
Is forwarding enabled? "cat /proc/sys/net/ipv4/ip_forward" should be "1".
YES
Oh, and by the way. I assumed your routing is in place. Is the
second firewall's default route (gateway) the first firewall?
Oh yeah, This is the POINT.
SECOND Firewall's default route (gateway) is NOT the FIRST firewall.
BOTH firewalls' default route (gateway) is the router given by our ISP.
I think this is the case.
If 1.2.3.4 and 2.3.4.5 are both external IP's then it's probably the
problem.
YES, this is the IP block given by our ISP. I got 8 internet IPs. But they all reside in the same subnet, that is
255.255.255.248
Hope to hear from you.
--
Thank you
Indunil Jayasooriya