Re: Port Forwarding only works outside?


iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
you need to change the source address of the forwarded traffic, so that it can go back the same way it came in.

andrea

Todd Hartman wrote:
I tried the suggestion and I'm sorry to say that it didn't work either. I
realize I didn't give very exacting details on what we had already. I'll do
that now. Here's the /etc/sysconfig/iptables file I'm currently working
with. This was generated through the webmin interface.

# Generated by iptables-save v1.2.5 on Tue Dec 10 10:52:38 2002
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth0 --dport 25 -j DNAT --to-destination 192.168.1.29:25
COMMIT
# Completed on Tue Dec 10 10:52:38 2002
# Generated by iptables-save v1.2.5 on Tue Dec 10 10:52:38 2002
*mangle
:PREROUTING ACCEPT [272:72783]
:INPUT ACCEPT [6571:1221017]
:FORWARD ACCEPT [2516:1428106]
:OUTPUT ACCEPT [296:174336]
:POSTROUTING ACCEPT [7989:3971198]
COMMIT
# Completed on Tue Dec 10 10:52:38 2002
# Generated by iptables-save v1.2.5 on Tue Dec 10 10:52:38 2002
*filter
:INPUT ACCEPT [273:72823]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [296:174336]
COMMIT
# Completed on Tue Dec 10 10:52:38 2002

I have another server at home that's doing pretty much the same thing with
different ports (for games on a machine behind the firewall) and that's
working fine. If I change that 192.168.1.29:25 to my home server's IP, it
forwards just fine. Also, on this firewall, I can telnet to 192.168.1.29 25
but I can't seem to forward to it.

-T

-----Original Message-----
From: Sander Sneekes [mailto:sander@dmdsecure.com]
Sent: Tuesday, December 10, 2002 10:29 AM
To: Todd Hartman
Cc: 'netfilter@lists.netfilter.org'
Subject: Re: Port Forwarding only works outside?


try
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -p tcp --dport 25 -d 192.168.1.29 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 25 -d x.x.x.x -j DNAT --to 192.168.1.29

x.x.x.x = eth0 external ip

On Tue, 2002-12-10 at 16:31, Todd Hartman wrote:

I've come across an issue I just don't know how to solve. I'm not even
certain it's an issue with iptables itself, but I thought that someone here might have run across this before and have some advice.

I've got a RH7.3 box set up with two NICs. Eth0 is external and eth1
is internal. Internal network is 192.168.1.* with netmask 255.255.255.128. I need to forward traffic on eth0, port 25 to 192.168.1.29. The firewall is 192.168.1.1 - both in the same subnet as I understand it.

When I forward SMTP traffic to 192.168.1.29 and try to telnet to port
25 to test SMTP, it just sits there, unresponsive. BUT, if I forward eth0 port 25 traffic to a machine out on the internet, it works just fine.

I suspect a networking problem, but I don't know well enough to pin it
down myself.

-T
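The thread converges on three pieces: a DNAT rule in nat/PREROUTING, a FORWARD rule that lets the forwarded connection through, and (andrea's point) a source rewrite on the internal side so that the mail server's replies are forced back through the firewall even if its default route points somewhere else. The script below is an added example, not code from any poster in this thread: it assembles those rules as an iptables-restore file for a two-NIC box. The interface names, the internal host and the port are taken from the thread; the function names and the `apply` argument are this example's own inventions. It narrows andrea's blanket MASQUERADE on eth1 to the forwarded connections only, and replaces the posted FORWARD policy of ACCEPT with DROP plus explicit allows.

```shell
#!/bin/sh
# Added example (not from the thread): build and optionally load a minimal
# port-forwarding ruleset for a firewall with an external and an internal NIC.

# Emit an iptables-restore ruleset forwarding TCP port $4 from $1 to host $3.
#   $1 external interface   (eth0 in the thread)
#   $2 internal interface   (eth1 in the thread)
#   $3 internal host        (192.168.1.29 in the thread)
#   $4 TCP port             (25 in the thread)
gen_portforward_rules() {
    ext_if=$1; int_if=$2; int_host=$3; port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the destination of inbound connections arriving on the external NIC.
-A PREROUTING -i $ext_if -p tcp --dport $port -j DNAT --to-destination $int_host:$port
# Hide the LAN behind the external address for outbound traffic.
-A POSTROUTING -o $ext_if -j MASQUERADE
# Source-NAT only the forwarded connections on the internal side, so the
# reply must return through this box even if $int_host routes elsewhere.
-A POSTROUTING -o $int_if -p tcp -d $int_host --dport $port -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# LAN may initiate outbound; replies to it are matched by state.
-A FORWARD -i $int_if -o $ext_if -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# From outside, only new connections to the forwarded service are allowed in.
-A FORWARD -i $ext_if -o $int_if -p tcp -d $int_host --dport $port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Load the ruleset with iptables-restore after confirming routing is enabled.
# Returns 1 without touching the tables if forwarding is off in the kernel.
apply_portforward_rules() {
    if [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" != "1" ]; then
        echo "net.ipv4.ip_forward is not 1; DNAT alone cannot forward packets" >&2
        return 1
    fi
    gen_portforward_rules "$@" | iptables-restore
}

# Usage (as root): sh thisfile.sh apply eth0 eth1 192.168.1.29 25
# Without the "apply" argument the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    shift
    apply_portforward_rules "$@"
fi
```

The `apply` path checks `/proc/sys/net/ipv4/ip_forward` first because the symptom in the thread (the handshake hangs instead of being refused) is also what you see when DNAT rewrites the packet but the kernel never routes it. The other thing to check on the mail server itself is that its default route is 192.168.1.1; if it is, the eth1 MASQUERADE rule is unnecessary and its cost is that the mail server logs every forwarded connection as coming from the firewall's address.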
