Hi Doug,

Do you want to NAT for traffic coming in or for traffic going out?

If you want your internal network to be able to reach external telnet and smtp servers, then your destination port will be 23 or 25, not your source port.

If you want to host telnet and smtp servers behind a firewall and allow only NATted access to these servers, then you should be using DNAT, not SNAT.

Hope this helps,

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale CA 94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of
> Simpson, Doug
> Sent: Friday, December 13, 2002 9:49 AM
> To: 'netfilter@lists.netfilter.org'
> Subject: natting specific ports
>
>
> I want to "NAT" just specific ports to my Public IP. Do the
> commands below make sense? I want my internal network to be
> able to telnet and send email. (eth0 is my External NIC - it
> is exposed to the internet)
>
> iptables -t nat -A POSTROUTING -p tcp --sport 25 -o eth0 -s
> $INTERNAL_IP -j SNAT --to $EXTERNAL_IP
> iptables -t nat -A POSTROUTING -p tcp --sport 23 -o eth0 -s
> $INTERNAL_IP -j SNAT --to $EXTERNAL_IP
>
> Thank you,
> Doug
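The two cases distinguished in the reply above, written out as rules in an added example that is not part of the original thread: outbound SNAT matched on destination port, and inbound DNAT to a hosted server. The addresses, the mail server IP and the function names are constructed placeholders; eth0 is the external NIC as in the question.

```shell
#!/bin/sh
# Added example, not from the original thread. All addresses are constructed
# placeholders (RFC 1918 / RFC 5737); edit them for a real network.
INTERNAL_NET="192.168.1.0/24"   # assumed internal subnet
EXTERNAL_IP="203.0.113.10"      # assumed public address on eth0
MAIL_SERVER="192.168.1.25"      # assumed internal SMTP host (inbound case only)
EXT_IF="eth0"                   # external NIC, as stated in the question
IPTABLES="echo iptables"        # dry run: prints rules; set to "iptables" to apply

# Outbound case: internal clients connecting to external telnet/smtp servers.
# A client's source port is ephemeral, so the service port (23 or 25) must be
# matched with --dport. A rule using --sport 23/25 never matches this traffic.
snat_outbound() {
    port="$1"
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -p tcp -s "$INTERNAL_NET" \
        --dport "$port" -j SNAT --to-source "$EXTERNAL_IP"
}

# Inbound case: a server hosted behind the firewall. Traffic arriving on the
# public address is rewritten in PREROUTING with DNAT, not SNAT.
dnat_inbound() {
    port="$1"
    server="$2"
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$EXTERNAL_IP" \
        --dport "$port" -j DNAT --to-destination "$server:$port"
}

# Full rule set: telnet and smtp outbound, plus one hosted SMTP server inbound.
build_rules() {
    for p in 23 25; do
        snat_outbound "$p"
    done
    dnat_inbound 25 "$MAIL_SERVER"
}

build_rules
```

These rules only select which connections are translated. Which connections are permitted at all is decided in the filter table's FORWARD chain, so port restrictions meant as access control belong there.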