Your second forward rule matches tcp connections when it should match udp.

On Mon, 2003-01-13 at 09:52, Mattia Martinello wrote:
> Hi all
>
> I wish to open DNS connections and redirect them from the gateway to the
> server on the DMZ.
> I tried these rules:
>
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d [public IP] --dport 53 -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p udp -i ppp0 -d [public IP] --dport 53 -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
>
> But if I try to query my DNS server from the Internet my query times out.
> The connections between [private IP] and the Internet are allowed (all
> other services work well without any problem; the only service that
> gives me problems is DNS).
>
> What do I have to open to allow DNS connections from the gateway and the DMZ?
>
> Thank you very much
> Bye
> Mattia
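As an added example (not part of either mail above), the rule set the reply is asking for, generated so that the nat and filter rules for each protocol come out of the same loop and cannot name different protocols the way the quoted second FORWARD rule does. Ordinary DNS queries arrive over udp/53; with the quoted rules the udp packet is DNATed but then has no matching ACCEPT in FORWARD, so it is dropped if that chain's policy is DROP (an assumption about the poster's firewall, consistent with the timeout he describes). The interface name and the addresses (ppp0, 203.0.113.10, 192.168.1.53) are placeholders, and the check function reproduces the quoted rules with those placeholders only to show that it catches the mismatch.

```shell
#!/bin/sh
# Added example, not the original poster's rules. Builds the DNAT +
# FORWARD pair for a DMZ DNS server for BOTH udp and tcp from one loop,
# so a filter rule can never name a protocol other than the nat rule it
# belongs to. Addresses, interface and the "run" flag are placeholders.

# Print the command (default) or execute it when mode is "run".
emit_rule() {
    mode="$1"; shift
    if [ "$mode" = run ]; then "$@"; else printf '%s\n' "$*"; fi
}

# dns_dmz_rules <wan_iface> <public_ip> <private_ip> [run]
dns_dmz_rules() {
    wan="$1"; pub="$2"; priv="$3"; mode="${4:-print}"
    for proto in udp tcp; do
        # nat/PREROUTING rewrites the destination before routing...
        emit_rule "$mode" iptables -t nat -A PREROUTING -i "$wan" -p "$proto" \
            -d "$pub" --dport 53 -j DNAT --to-destination "$priv:53"
        # ...so filter/FORWARD sees the private address and must match
        # the SAME protocol, otherwise the DNATed packet is dropped.
        emit_rule "$mode" iptables -A FORWARD -i "$wan" -p "$proto" \
            -d "$priv" --dport 53 -j ACCEPT
    done
}

# The rules from the quoted mail, with the placeholders filled in: the
# second FORWARD rule says tcp where the nat rule says udp.
quoted_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -p tcp -i ppp0 -d 203.0.113.10 --dport 53 -j DNAT --to 192.168.1.53:53
iptables -A FORWARD -i ppp0 -d 192.168.1.53 -p tcp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -i ppp0 -d 203.0.113.10 --dport 53 -j DNAT --to 192.168.1.53:53
iptables -A FORWARD -i ppp0 -d 192.168.1.53 -p tcp --dport 53 -j ACCEPT
EOF
}

# Reads a rule list on stdin; returns 0 only if, for both udp and tcp,
# there is a port-53 DNAT rule AND a port-53 FORWARD ACCEPT rule naming
# that protocol. Runs without root, so it can gate a deploy script.
check_rules() {
    rules=$(cat)
    for proto in udp tcp; do
        printf '%s\n' "$rules" | grep -q -- "-A PREROUTING .*-p $proto .*--dport 53 -j DNAT" || return 1
        printf '%s\n' "$rules" | grep -q -- "-A FORWARD .*-p $proto .*--dport 53 -j ACCEPT" || return 1
    done
    return 0
}

# Dry run: print the corrected rules, then report on both rule sets.
dns_dmz_rules ppp0 203.0.113.10 192.168.1.53
if dns_dmz_rules ppp0 203.0.113.10 192.168.1.53 | check_rules; then
    echo "generated rules: udp and tcp both forwarded"
fi
if ! quoted_rules | check_rules; then
    echo "quoted rules: a protocol is DNATed but not accepted in FORWARD"
fi
```

Run as root with a fourth argument of `run` to apply the rules instead of printing them. Conntrack handles the reverse translation of the replies, so no extra nat rule is needed for the answers going back out; the DMZ-to-Internet FORWARD traffic the poster says is already allowed covers the reply direction.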