On Mon, 24 Feb 2003, louie miranda wrote:

> panic:/# iptables -t nat -A PREROUTING -i eth0 -p tcp -d
> 203.190.72.108 --dport 21 -j DNAT --to 10.0.0.11:21
> panic:/# iptables -A FORWARD -i eth0 -o eth1 -p tcp -d
> 203.190.72.108 --dport 21 -j ACCEPT
> panic:/# telnet 203.190.72.108 21
> Trying 203.190.72.108...
> telnet: Unable to connect to remote host: Connection refused
> panic:/# telnet 10.0.0.11 21
> Trying 10.0.0.11...
> Connected to 10.0.0.11.
> Escape character is '^]'.
> 220 Dynu FTP Server (Version 1.13)
> ^]
> telnet> q
> Connection closed.
> panic:/# telnet 203.190.72.108 21
> Trying 203.190.72.108...
> telnet: Unable to connect to remote host: Connection refused
> panic:/#

Why do you want to use the WAN IP from your LAN when you could contact the
LAN IP directly?

What you have to do is:

1) Forward traffic from internal hosts.
2) NAT local->local traffic (This is explained somewhere in the netfilter
   docs)

The above rules only forward traffic from the internet.

/Rasmus

--
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
Programming is a race between programmers, who try and make more and more
idiot-proof software, and universe, which produces more and more remarkable
idiots. Until now, universe leads the race.
                                                - R. Cooka
----------------------------------[ moffe at amagerkollegiet dot dk ] --
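The two steps listed in the reply above, written out as an added example (not part of the original message or of the netfilter documentation). The WAN address, server, port and `eth1` come from the quoted rules; the LAN subnet `10.0.0.0/24`, the router's LAN address `10.0.0.1` and the function name `hairpin_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the iptables rules that let LAN clients reach an
# internal server through the router's WAN address (local->local NAT).
# Pipe the output to "sh" as root on the router to apply it.

hairpin_rules() {
    # args: WAN_IP SERVER_IP PORT LAN_IF LAN_NET ROUTER_LAN_IP
    [ $# -eq 6 ] || {
        echo "usage: hairpin_rules WAN_IP SERVER_IP PORT LAN_IF LAN_NET ROUTER_LAN_IP" >&2
        return 1
    }

    # The rules in the thread match only -i eth0 (internet side). A LAN
    # client enters on the LAN interface, so it needs its own DNAT rule.
    echo "iptables -t nat -A PREROUTING -i $4 -s $5 -d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"

    # Step 2, NAT local->local: without this the server answers the client
    # directly with its own source address, and the client drops the reply
    # because it opened the connection to the WAN address.
    echo "iptables -t nat -A POSTROUTING -o $4 -s $5 -d $2 -p tcp --dport $3 -j SNAT --to-source $6"

    # Step 1, forward traffic from internal hosts. FORWARD sees the packet
    # after DNAT, so the match is on the server address, not the WAN one.
    echo "iptables -A FORWARD -i $4 -o $4 -s $5 -d $2 -p tcp --dport $3 -j ACCEPT"

    # Return traffic for connections already accepted above.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Values from the thread, plus the assumed LAN subnet and router LAN address.
hairpin_rules 203.190.72.108 10.0.0.11 21 eth1 10.0.0.0/24 10.0.0.1
```
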