Your FORWARD rule is still wrong. It's already been DNAT'd so forward it to
the IP that's on the box, i.e. 10.0.0.11

panic:/# iptables -A FORWARD -i eth0 -o eth1 -p tcp -d \
    10.0.0.11 --dport 21 -j ACCEPT

Also your firewall is on panic so NONE of the rules you have listed are even
used. When you telnet from panic to 10.0.0.11.

http://www.netfilter.org/documentation/index.html#HOWTO

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of louie miranda
Sent: Monday, 24 February 2003 7:02 PM
To: netfilter@lists.samba.org
Cc: Rasmus Bøg Hansen
Subject: Re: Forwarding problem, :( port redirection!

panic:/# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 203.190.72.108 --dport 21 -j DNAT --to 10.0.0.11:21
panic:/# iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 203.190.72.108 --dport 21 -j ACCEPT
panic:/# telnet 203.190.72.108 21
Trying 203.190.72.108...
telnet: Unable to connect to remote host: Connection refused
panic:/# telnet 10.0.0.11 21
Trying 10.0.0.11...
Connected to 10.0.0.11.
Escape character is '^]'.
220 Dynu FTP Server (Version 1.13)
^]
telnet> q
Connection closed.
panic:/# telnet 203.190.72.108 21
Trying 203.190.72.108...
telnet: Unable to connect to remote host: Connection refused
panic:/#

Still no success! :(

--
thanks,
louie miranda

----- Original Message -----
From: "Rasmus Bøg Hansen" <moffelist@amagerkollegiet.dk>
To: "louie miranda" <lmiranda@chikka.com>
Cc: <netfilter@lists.samba.org>
Sent: Monday, February 24, 2003 4:25 PM
Subject: Re: Forwarding problem, :( port redirection!

On Mon, 24 Feb 2003, louie miranda wrote:

> I'm trying just to forward simple ftp, 21 request into my internal machine.
> I'm typing this but it does not work..
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.11 --dport 21 -j
> DNAT --to 203.190.72.108:21
> iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 203.190.72.108 --dport 21 -j
> ACCEPT

Are you *sure* of those IPs? 10.0.0.11 is a private IP and is unusable on
the internet - however your rules state that 10.0.0.11 is located on the
internet. I'm pretty sure you need to exchange the global and local IP.

/Rasmus

--
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
Drink wet cement: Get Stoned.
----------------------------------[ moffe at amagerkollegiet dot dk ] --
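
Added example (not part of the original thread and not netfilter code): a small Python model of the hook order the replies above rely on, showing that the FORWARD rule is evaluated against the post-DNAT address and that a connection opened on the firewall itself enters at OUTPUT and never reaches PREROUTING or FORWARD. It assumes 203.190.72.108 is the firewall's own eth0 address, 10.0.0.0/8 is routed via eth1, and the policies are FORWARD DROP with INPUT and OUTPUT ACCEPT; traverse, nat_prerouting and out_interface are hypothetical names.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC, INTERNAL = "203.190.72.108", "10.0.0.11"  # addresses taken from the thread

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    in_if: Optional[str]  # None means the packet was generated on the firewall itself

def nat_prerouting(pkt):
    # iptables -t nat -A PREROUTING -i eth0 -p tcp -d PUBLIC --dport 21 -j DNAT --to INTERNAL:21
    if pkt.in_if == "eth0" and pkt.dst == PUBLIC and pkt.dport == 21:
        return replace(pkt, dst=INTERNAL)
    return pkt

def out_interface(dst):
    # Assumed routing table: 10.0.0.0/8 is behind eth1, everything else behind eth0.
    return "eth1" if dst.startswith("10.") else "eth0"

def traverse(pkt, forward_dst):
    """Return (chains, verdict, final_dst); forward_dst is the -d of the FORWARD rule."""
    if pkt.in_if is None:
        # Locally generated traffic enters at OUTPUT and skips PREROUTING and FORWARD.
        return ["OUTPUT"], "ACCEPT", pkt.dst  # assumed OUTPUT policy ACCEPT
    pkt = nat_prerouting(pkt)  # destination is rewritten before the routing decision
    chains = ["PREROUTING"]
    if pkt.dst == PUBLIC:
        # Still addressed to the firewall (assumed owner of PUBLIC): INPUT, not FORWARD.
        return chains + ["INPUT"], "ACCEPT", pkt.dst  # assumed INPUT policy ACCEPT
    chains.append("FORWARD")
    # iptables -A FORWARD -i eth0 -o eth1 -p tcp -d forward_dst --dport 21 -j ACCEPT
    matched = (pkt.in_if == "eth0" and out_interface(pkt.dst) == "eth1"
               and pkt.dst == forward_dst and pkt.dport == 21)
    # Assumed FORWARD policy DROP: an unmatched packet is discarded.
    return chains, ("ACCEPT" if matched else "DROP"), pkt.dst

if __name__ == "__main__":
    outside = Packet(PUBLIC, 21, "eth0")  # constructed: FTP client on the internet
    local = Packet(PUBLIC, 21, None)      # constructed: telnet typed on the firewall
    print(traverse(outside, PUBLIC))      # FORWARD rule written against the public IP
    print(traverse(outside, INTERNAL))    # FORWARD rule written against the DNAT target
    print(traverse(local, INTERNAL))      # never touches either rule
```

The model covers only the inbound SYN; return traffic and the FTP data channel are outside what it shows.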