Netfilter 1.2.7a (debian), rule (DNAT) problems

Hello.

First of all, my configuration is: Debian Linux 3.0r0 w/ kernel 2.4.18-K7 on an x86 AMD Duron on a VIA KT133A chipset. The system is configured with two NICs, namely two 3Com 3C905C 10/100-TX PCI networking cards, and is acting partly as a server and partly as a router. I use it for serving things like web to the outside and as a router to enable internet access via it from my LAN, because my ISP only hands me one IP address. If it's of any importance, I hand out IP addresses to my LAN via dhcpd; oh yeah, it's a switched 10/100 Mbit Ethernet network. eth1 (dynamic, 217.208.248.*) is connected to the net and eth0 (static, 192.168.0.1) is connected to the LAN.

I've read the NAT HOWTO on netfilter.org and set up masquerading like this (from my ruleset):
-A POSTROUTING -o eth1 -j MASQUERADE
and I've also done the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
and edited /etc/network/options to correspond with the variable ip_forward=yes, which works fine: I'm able to access the net from all the clients on my LAN when using the server as my gateway.

Now I want to add a rule to forward all incoming data on port 4662 (TCP) from the internet (eth1) to a server on my LAN, namely host 192.168.0.7 (via eth0), so I add the following rule (under *nat):
-A PREROUTING -p tcp -m tcp -i eth1 --dport 4662 -j DNAT --to-destination 192.168.0.7:4662

After reloading iptables and trying to connect to or scan port 4662 on my external IP, nothing happens, i.e. the port is closed (yes, the client is listening on 4662 but does not receive any connections from the server's eth0 (192.168.0.1)).

Anyone have any ideas for me?

I'm providing a copy of my ruleset made with iptables-save to provide additional technical information:

# Generated by iptables-save v1.2.7a on Sun Nov 10 17:58:44 2002
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -i eth1 --dport 4662 -j DNAT --to-destination 192.168.0.7:4662
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT


Please note, I've tried to fiddle around with the rules _a lot_, so the above is not one specific non-working case but rather just one out of 100 examples.

Thanks in advance.
Henric Blomgren / Sweden.
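An added example, not part of Henric's message or of the netfilter project: a complete iptables-restore ruleset for the forward described above, together with a small sh check that inspects an iptables-save dump for the pieces a DNAT port forward depends on. The interface names, addresses and port come from the post; the filter-table rules and the check_forward/has_line helpers are assumptions added here.

```shell
#!/bin/sh
# Added example, not code from the original post. It writes out the complete
# iptables-restore ruleset for the port forward described above (eth1 -> eth0,
# 192.168.0.7:4662, taken from the post) and adds a check_forward function
# that inspects an iptables-save dump for every piece the forward needs.
# The *filter rules are an assumption about what a practitioner would add:
# with a DROP policy on FORWARD, DNATed packets must be explicitly allowed.

# Constructed dump: the nat rules from the post plus a locked-down filter table
# that admits only the forwarded port inbound (kernel 2.4 / iptables 1.2.x uses
# the state match for connection tracking).
COMPLETE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.7:4662
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -d 192.168.0.7 -p tcp -m tcp --dport 4662 -j ACCEPT
COMMIT'

# Constructed dump of a common mistake: the DNAT rule is there, but the filter
# table drops forwarded traffic and nothing admits the DNATed connections.
BROKEN='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -i eth1 --dport 4662 -j DNAT --to-destination 192.168.0.7:4662
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# has_line DUMP REGEX: true when some line of DUMP matches REGEX (basic regex).
has_line() {
    printf '%s\n' "$1" | grep -q -- "$2"
}

# check_forward DUMP HOST PORT: returns 0 when DUMP contains a PREROUTING DNAT
# rule to HOST:PORT and the filter table cannot drop the forwarded packets
# (no *filter table loaded, an ACCEPT policy on FORWARD, or an explicit
# FORWARD ACCEPT rule for HOST:PORT). Prints each missing piece and returns 1
# otherwise.
check_forward() {
    dump=$1 host=$2 port=$3 rc=0
    if ! has_line "$dump" "^-A PREROUTING .*--dport $port .*-j DNAT --to-destination $host:$port"; then
        echo "missing: nat PREROUTING DNAT rule to $host:$port"
        rc=1
    fi
    if has_line "$dump" '^\*filter' && ! has_line "$dump" '^:FORWARD ACCEPT'; then
        if ! has_line "$dump" "^-A FORWARD .*-d $host .*--dport $port .*-j ACCEPT"; then
            echo "missing: filter FORWARD ACCEPT rule for $host:$port (policy is not ACCEPT)"
            rc=1
        fi
    fi
    return $rc
}

# Loading the complete ruleset on the router itself (needs root) would be:
#   printf '%s\n' "$COMPLETE" | iptables-restore
# Here we only run the check against the two constructed dumps.
check_forward "$COMPLETE" 192.168.0.7 4662 && echo "complete ruleset: ok"
check_forward "$BROKEN" 192.168.0.7 4662 || echo "broken ruleset: incomplete"
```

Run it with sh on any box; to inspect a live router, replace the constructed dumps with the output of iptables-save. The point the check encodes: the nat table only rewrites the destination address, and the rewritten packet still traverses the filter FORWARD chain (the post's dump shows no *filter table at all, which is why the check treats a missing filter table as an open policy), so a DROP policy there with no matching ACCEPT leaves the forwarded port looking closed from outside even though the DNAT rule is correct.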



