I tried the suggestion and I'm sorry to say that it didn't work either. I realize I didn't give very exacting details on what we had already. I'll do that now.

Here's the /etc/sysconfig/iptables file I'm currently working with. This was generated through the webmin interface.

# Generated by iptables-save v1.2.5 on Tue Dec 10 10:52:38 2002
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth0 --dport 25 -j DNAT --to-destination 192.168.1.29:25
COMMIT
# Completed on Tue Dec 10 10:52:38 2002
# Generated by iptables-save v1.2.5 on Tue Dec 10 10:52:38 2002
*mangle
:PREROUTING ACCEPT [272:72783]
:INPUT ACCEPT [6571:1221017]
:FORWARD ACCEPT [2516:1428106]
:OUTPUT ACCEPT [296:174336]
:POSTROUTING ACCEPT [7989:3971198]
COMMIT
# Completed on Tue Dec 10 10:52:38 2002
# Generated by iptables-save v1.2.5 on Tue Dec 10 10:52:38 2002
*filter
:INPUT ACCEPT [273:72823]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [296:174336]
COMMIT
# Completed on Tue Dec 10 10:52:38 2002

I have another server at home that's doing pretty much the same thing with different ports (for games on a machine behind the firewall) and that's working fine. If I change that 192.168.1.29:25 to my home server's IP, it forwards just fine. Also, on this firewall, I can telnet to 192.168.1.29 25 but I can't seem to forward to it.

-T

-----Original Message-----
From: Sander Sneekes [mailto:sander@dmdsecure.com]
Sent: Tuesday, December 10, 2002 10:29 AM
To: Todd Hartman
Cc: 'netfilter@lists.netfilter.org'
Subject: Re: Port Forwarding only works outside?

try

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -p tcp --dport 25 -d 192.168.1.29 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 25 -d x.x.x.x -j DNAT --to 192.168.1.29

x.x.x.x = eth0 external ip

On Tue, 2002-12-10 at 16:31, Todd Hartman wrote:
> I've come across an issue I just don't know how to solve. I'm not even
> certain it's an issue with iptables itself, but I thought that someone
> here might have run across this before and have some advice.
>
> I've got a RH7.3 box set up with two NICs. Eth0 is external and eth1
> is internal. Internal network is 192.168.1.* with netmask
> 255.255.255.128. I need to forward traffic on eth0, port 25 to
> 192.168.1.29. The firewall is 192.168.1.1 - both in the same subnet as
> I understand it.
>
> When I forward SMTP traffic to 192.168.1.29 and try to telnet to port
> 25 to test SMTP, it just sits there, unresponsive. BUT, if I forward
> eth0 port 25 traffic to a machine out on the internet, it works just
> fine.
>
> I suspect a networking problem, but I don't know well enough to pin it
> down myself.
>
> -T
>
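
Added example, not part of the thread and not written by either poster: a small Python audit of the *nat table quoted above that checks, for each DNAT rule, whether the target lies inside the stated internal subnet and whether any POSTROUTING rule rewrites the source address of packets leaving through the internal interface. The helper names `parse_rules` and `audit_dnat` are hypothetical, the ruleset string is a constructed copy of the posted one, and the parser assumes every option takes exactly one value.

```python
import ipaddress
import shlex

# Constructed sample: the *nat table quoted in the message, as iptables-save prints it.
SAVED = """\
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth0 --dport 25 -j DNAT --to-destination 192.168.1.29:25
COMMIT
"""

def parse_rules(text, table="nat"):
    """Return one dict of options per -A rule of the given table."""
    rules, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
        elif line.startswith("-A ") and current == table:
            tokens = shlex.split(line)
            # Assumption: every option takes exactly one value (no "!" negation).
            rule = dict(zip(tokens[2::2], tokens[3::2]))
            rule["chain"] = tokens[1]
            rules.append(rule)
    return rules

def audit_dnat(text, lan_cidr, lan_if):
    """Hypothetical helper: describe the forward and return path of each DNAT rule."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    rules = parse_rules(text)
    # Source NAT applies towards the LAN only if a rule has no -o or names lan_if.
    snat_on_lan = any(
        r["chain"] == "POSTROUTING" and r.get("-j") in ("MASQUERADE", "SNAT")
        and r.get("-o", lan_if) == lan_if for r in rules)
    findings = []
    for r in rules:
        if r["chain"] == "PREROUTING" and r.get("-j") == "DNAT":
            target = r["--to-destination"].split(":")[0]
            findings.append({
                "dport": r.get("--dport"),
                "target": target,
                "target_on_lan": ipaddress.ip_address(target) in lan,
                "source_rewritten_on_lan": snat_on_lan,
            })
    return findings

if __name__ == "__main__":
    for f in audit_dnat(SAVED, "192.168.1.1/255.255.255.128", "eth1"):
        print(f)
```

A False `source_rewritten_on_lan` means the forwarded packet keeps the outside client's source address, so the reply comes back only if the target host routes it through the firewall.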