Luca, please paste your iptables -L -n output here. It's much easier to follow. --Adrian. On Tue, 15 Feb 2005 21:09:45 +0100, Andreas Unterkircher <unki@xxxxxxxxxxxx> wrote: > As far as I can see and unterstand your intend, you are only forwarding > (FORWARD-Chain) the internal request to the external interfaces. > Since private networks (10/8, 172.16/16, 192.168/24) are not routed in > the public internet you have to masquerade (NAT) the outgoing > request, so it doesn't contain the internal ips anymore: > > -A POSTROUTING -s 192.168.2.0/255.255.255.0 -d 212.97.32.2 -i eth1 -o eth1 -p tcp > -m tcp --dport 53 -j SNAT --to $YOUR_EXTERNAL_IP_IN_THE_INTERNET > > > Luca Ferrari wrote: > > >On Tuesday 15 February 2005 11:30 Your Name's cat walking on the keyboard > >wrote: > > > > > > > >>The Input interface and output Interface are the same eth1, where as it > >>should have been -i eth0 -o eth1. Match ur interface numbers and it > >>should work. > >> > >> > >> > > > >No, that's right since the machine is, temporarily. working with a single > >interface. In other words, eth1 is now the incoming/outgoing interface. > > > >Luca > > > > > > > > > - > : send the line "unsubscribe linux-admin" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
