Aha! Thanks so much.

-R Beisner

On Thu, 2002-11-14 at 19:29, Joel Newkirk wrote:
> On Thursday 14 November 2002 07:33 pm, Ryan Beisner wrote:
> > Hi
> >
> > I have successfully installed a mail + web server in my new dmz, filtered
> > by netfilter in Redhat 7.3. My problem is, the request addresses show up
> > as the dmz interface's ip address (of the packet filter box). This
>
> > $ipt -A PREROUTING -t nat -d $PRESext -j DNAT --to $PRESdmz
> > $ipt -A POSTROUTING -t nat -d $PRESdmz -j SNAT --to $PRESext
>
> > $ipt -A PREROUTING -t nat -d $KEYext -j DNAT --to $KEYdmz
> > $ipt -A POSTROUTING -t nat -d $KEYdmz -j SNAT --to $KEYext
>
> Drop the SNAT rules. In the PRE you take anything coming in the 'real' IP and
> change its destination to the dmz IP. But in the POST you take those same
> packets and change their source to the real IP. If you drop the POST rules,
> then the packets will just pass on to $PRESdmz with their (presumably) real
> source IP intact.
>
> j
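
An added example, not part of the original thread: a small audit check that flags the pattern discussed above, a POSTROUTING SNAT rule whose `-d` match is the address a PREROUTING DNAT rule forwards to, which is what makes the DMZ servers log the firewall's address instead of the client's. The function names and the sample rules are constructed for illustration, and the parser assumes IPv4 addresses and `-A` rules as written in the thread or printed by `iptables-save`.

```python
import shlex

# Constructed sample in iptables-save style (documentation and private addresses).
SAMPLE_NAT_RULES = """\
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.2.10
-A POSTROUTING -d 192.168.2.10/32 -j SNAT --to-source 203.0.113.10
-A PREROUTING -d 203.0.113.11/32 -p tcp --dport 25 -j DNAT --to-destination 192.168.2.11:25
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 203.0.113.1
"""

def host(value):
    """Normalise a single-host address: drop a /32 mask and any :port suffix."""
    if value.endswith("/32"):
        value = value[:-3]
    return value.split(":")[0]

def parse_rule(line):
    """Extract chain, target, -d match and --to address from one -A rule."""
    try:
        tok = shlex.split(line, comments=True)
    except ValueError:          # unbalanced quotes: not a rule we can read
        return None
    if "-A" not in tok or tok.index("-A") + 1 >= len(tok):
        return None
    start = tok.index("-A")
    rule = {"chain": tok[start + 1], "target": None, "dst": None,
            "to": None, "raw": line.strip()}
    for i in range(start + 2, len(tok) - 1):
        opt, val = tok[i], tok[i + 1]
        if opt in ("-j", "--jump"):
            rule["target"] = val
        elif opt in ("-d", "--dst", "--destination") and tok[i - 1] != "!":
            rule["dst"] = host(val)          # negated matches are skipped
        elif opt in ("--to", "--to-destination", "--to-source"):
            rule["to"] = host(val)
    return rule

def find_source_masking(rules_text):
    """Return POSTROUTING SNAT rules whose -d is the target of a PREROUTING DNAT."""
    rules = [r for r in map(parse_rule, rules_text.splitlines()) if r]
    dnat_targets = {r["to"] for r in rules
                    if r["chain"] == "PREROUTING" and r["target"] == "DNAT" and r["to"]}
    return [r["raw"] for r in rules
            if r["chain"] == "POSTROUTING" and r["target"] == "SNAT"
            and r["dst"] in dnat_targets]

if __name__ == "__main__":
    for hit in find_source_masking(SAMPLE_NAT_RULES):
        print("masks client source address:", hit)
```

The outbound SNAT rule matched on `-s` in the sample is not flagged, since it rewrites traffic leaving the DMZ rather than inbound connections to the forwarded hosts.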