Hello Danila, there's some -p tcp missing cuz we only want that, refer to the mail from Robert (I think) he gave all 3 rules, that should fix your problem ... Tuesday, February 11, 2003, 8:11:08 PM, you wrote: D> Hello Danila, D> Shouldn't be a problem, since netfilter takes care before the paket D> hits anything else, as long as you put your rule in the prerouting D> chain. D> All you wanna do is add something like: D> iptables -t nat -A PREROUTING -d realip --dport 33333 -i eth0 -j DNAT D> --to 192.168.13.147.80 D> This rewrites the destination address. if you ip is from a dialup D> connection you might want to use MASQUERADE ... D> And make sure you have connection tracking, so the answer packages get D> rewritten properly. D> I think that should do .... D> Check out the FAQs there's some nice examples there ... D> Tuesday, February 11, 2003, 7:21:30 PM, you wrote: DO>> Hello, DO>> I want to ask you something regarding something that i am stuck in... :-) DO>> I need to allow acces to a Web server which runs on a machine inside my LAN. DO>> my topology is : DO>> internet <------>(eth0)[web,smtp,pop3,ftp](eth1)<------>LAN(192.168.13.0/24) DO>> i have only one "real" IP on eth0. DO>> can you tell me how can i use something like : DO>> http://www.myserver.xxx:33333 to redirect to .. let's say 192.168.13.147:80 ?? DO>> the main problem that i see here is that on port 33333 i have no services running. DO>> Thanxx in advance, DO>> Danila Octavian(pisic@service.agress.ro) -- Best regards, DarKRaveR mailto:DarKRaveR@habitat-b.de
