Given the netmask in the original post I think the first rule should be:

iptables -t nat -A POSTROUTING -s 192.168.1.0/25 -j MASQUERADE

Regards,
Brad

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Sander Sneekes
Sent: Tuesday, December 10, 2002 9:29 AM
To: Todd Hartman
Cc: 'netfilter@lists.netfilter.org'
Subject: Re: Port Forwarding only works outside?

try

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -p tcp --dport 25 -d 192.168.1.29 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 25 -d x.x.x.x -j DNAT --to 192.168.1.29

x.x.x.x = eth0 external ip

On Tue, 2002-12-10 at 16:31, Todd Hartman wrote:
> I've come across an issue I just don't know how to solve. I'm not even
> certain it's an issue with iptables itself, but I thought that someone
> here might have run across this before and have some advice.
>
> I've got a RH7.3 box set up with two NICs. Eth0 is external and eth1
> is internal. Internal network is 192.168.1.* with netmask
> 255.255.255.128. I need to forward traffic on eth0, port 25 to
> 192.168.1.29. The firewall is 192.168.1.1 - both in the same subnet as
> I understand it.
>
> When I forward SMTP traffic to 192.168.1.29 and try to telnet to port
> 25 to test SMTP, it just sits there, unresponsive. BUT, if I forward
> eth0 port 25 traffic to a machine out on the internet, it works just
> fine.
>
> I suspect a networking problem, but I don't know well enough to pin it
> down myself.
>
> -T
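
The netmask point raised in the top reply can be checked mechanically. The following is an added example, not part of the original thread: it derives the LAN from the firewall address and netmask given in the original post and flags any -s/-d selector in the posted rules that is wider than that LAN. The function names are hypothetical.

```python
import ipaddress
import shlex

# Values from the thread: firewall 192.168.1.1, netmask 255.255.255.128.
FIREWALL_IP, NETMASK = "192.168.1.1", "255.255.255.128"

# Rules as posted in the thread (x.x.x.x is the poster's placeholder).
SANDER_RULES = [
    "iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE",
    "iptables -A FORWARD -p tcp --dport 25 -d 192.168.1.29 -j ACCEPT",
    "iptables -A PREROUTING -t nat -p tcp --dport 25 -d x.x.x.x -j DNAT --to 192.168.1.29",
]
BRAD_RULE = "iptables -t nat -A POSTROUTING -s 192.168.1.0/25 -j MASQUERADE"

SELECTORS = ("-s", "--source", "-d", "--destination")

# Helper names below are illustrative; they do not come from any tool.


def lan_network(address, netmask):
    """Network defined by an interface address and a dotted netmask."""
    return ipaddress.ip_interface(f"{address}/{netmask}").network


def rule_selectors(rule):
    """Yield (flag, network) for each parseable -s/-d selector in a rule."""
    tokens = shlex.split(rule)
    for flag, value in zip(tokens, tokens[1:]):
        if flag in SELECTORS:
            try:
                yield flag, ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # placeholder (x.x.x.x) or hostname: cannot be checked


def audit(rules, lan):
    """Return (rule, flag, selector, extra_addresses) for selectors wider than lan."""
    findings = []
    for rule in rules:
        for flag, net in rule_selectors(rule):
            if net != lan and lan.subnet_of(net):
                extra = net.num_addresses - lan.num_addresses
                findings.append((rule, flag, str(net), extra))
    return findings


if __name__ == "__main__":
    lan = lan_network(FIREWALL_IP, NETMASK)
    for rule, flag, net, extra in audit(SANDER_RULES + [BRAD_RULE], lan):
        print(f"{flag} {net} covers {extra} addresses outside {lan}: {rule}")
```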