Re: iptables question - NAT/Masq

On Monday 20 January 2003 11:15 am, - = k o l i s k o = - wrote:
> Hi all,
>
> I have the following situation:
>
>
> nntp clients -- [internet] --+-- server1:119
>
>                              +-> server2:119
>
> we manage server1. It is a server with more services (web, ftp,
> pop3, ...). The new service will be nntp(119) but we don't want to
> install a news SW there. We only need to forward all nntp/news traffic to
> another server - server2.
>
> server2 is not our server, but this server accepts all the traffic from
> the source IP address of server1. It is not possible to accept the
> traffic directly from all clients because they don't have the same address
> as server1, of course.
>
> What we need is to configure server1 to accept all connections from
> clients to port 119 (news) and forward them to destination server2 but
> with the source address of server1.
>
> Note that server1 has only one NIC interface.
>
> I have this on server1 and it doesn't work:
>
> /sbin/iptables -t nat -A PREROUTING -i eth0+ --protocol tcp
> --destination-port 119 -j DNAT --to-destination server2:119

First, you should probably be using "-i eth+", since I presume you are 
trying to tell it to match ALL ethernet devices.

Second, all this does is change the destination of the traffic to 
server2.  You still need to change the source IP of that traffic so that 
it appears to come from server1.  Try adding this:

/sbin/iptables -t nat -A POSTROUTING -p tcp -d server2 --dport 119    \
-j SNAT --to server1

where of course 'server1' and 'server2' are both replaced with their 
corresponding IPs.

j
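The complete rule set for the single-NIC relay discussed in this thread, as an added example that is not from either poster: besides the DNAT and SNAT rules above it adds what the reply leaves implicit (ip_forward, and FORWARD-chain rules that relay only port 119 toward server2 with everything else dropped), plus a LOG rule on new connections, because after SNAT server2 only ever sees server1's address and the relay is the one place the real client IP can be recorded. The function name, the eth+ default and the 192.0.2.x addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# nntp_relay_rules <server1_ip> <server2_ip> [iface]
#   prints the iptables/sysctl commands for the port-119 relay; pipe into
#   "sh -e" on server1 to apply.  Interface defaults to eth+ as in the reply.
nntp_relay_rules() {
    s1="$1"; s2="$2"; ifc="${3:-eth+}"
    cat <<EOF
# server1 must route packets it is not the final destination for
sysctl -w net.ipv4.ip_forward=1
# inbound NNTP: rewrite the destination to server2
iptables -t nat -A PREROUTING -i $ifc -p tcp --dport 119 -j DNAT --to-destination $s2:119
# outbound to server2: rewrite the source so server2 sees server1
iptables -t nat -A POSTROUTING -p tcp -d $s2 --dport 119 -j SNAT --to-source $s1
# forward only NNTP to server2; log new connections since the client IP is lost after SNAT
iptables -A FORWARD -p tcp -d $s2 --dport 119 -m state --state NEW -j LOG --log-prefix "nntp-relay: "
iptables -A FORWARD -p tcp -d $s2 --dport 119 -m state --state NEW,ESTABLISHED -j ACCEPT
# replies from server2 back toward the clients
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# nothing else is relayed through this host
iptables -P FORWARD DROP
EOF
}

# print the rules when run directly with two or three arguments
if [ "$#" -ge 2 ]; then
    nntp_relay_rules "$@"
fi
```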



