Ok, turns out I wasn't an idiot after all :-) The ISP's Cisco router was not expiring the ARP cache correctly. Since I had moved these public addresses from a BorderManager server to this Linux box, I had the help desk clear the ARP cache manually and all is well :-)

Thanks for the quick reply, though. It is appreciated.

>>> Steve Mickeler <steve@xxxxxxxxxx> 03/18/03 12:59PM >>>
On Tue, 18 Mar 2003, Greg Dickinson wrote:

> Hello all,
>
> This question will undoubtedly get me branded as a n00b :-) but I am about to go insane trying to figure this out. Am I doing something wrong?
>
> Here's the scenario:
>
> I have a RedHat 8 (Kernel 2.4-18) firewall that I am going to run squid on, as well as do some static NATting for some of the administrative PCs here. I have configured the Cisco router to direct all the traffic from the affected /24 subnet to the Linux box, and I am trying to do a 1-to-1 NAT so we can do things like Terminal Services, etc. across the internet. I am using the following commands (the addresses are for my PC):
>
>     iptables -t nat -A POSTROUTING -s 10.227.101.4 -j SNAT --to 207.157.9.<something>
>     iptables -t nat -A PREROUTING -s 207.157.9.<something> -j DNAT --to 10.227.101.4

Change the -s to -d on the PREROUTING rule.

    iptables -t nat -A PREROUTING -d 207.157.9.X -j DNAT --to 10.227.101.4
    iptables -t nat -A POSTROUTING -s 10.227.101.4 -j SNAT --to 207.157.9.X

> And all the traffic summarily dies at the firewall :-)
>
> I have aliased the 207.157.9.<something> address to the eth1 interface of the firewall. What simple, obvious thing have I missed?
>
> TIA,
>
> --Greg
>
> Gregory B. Dickinson, CNE CCNA
> Systems Engineer
> Logista Solutions
> (205) 231-5602
> (tQ = 2b|!2b)
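To make the -s versus -d point from the thread concrete, here is a small Python model of how the nat table matches a packet in PREROUTING and POSTROUTING. It is an added example, not code from the thread; 207.157.9.99 is a constructed stand-in for the 207.157.9.<something> public address and 198.51.100.7 is a constructed remote host.

```python
# Model of how the iptables nat table matches a packet in PREROUTING and
# POSTROUTING (added example, not from the thread). 207.157.9.99 stands in
# for 207.157.9.<something>; 198.51.100.7 is a constructed Internet host.
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "207.157.9.99"   # placeholder for the aliased public address
INSIDE_IP = "10.227.101.4"   # Greg's PC
REMOTE_IP = "198.51.100.7"   # constructed remote host

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    chain: str           # "PREROUTING" or "POSTROUTING"
    src: Optional[str]   # -s match (None = any source)
    dst: Optional[str]   # -d match (None = any destination)
    target: str          # "SNAT" or "DNAT"
    to: str              # --to address

def apply_chain(chain: str, rules: list[Rule], pkt: Packet) -> Packet:
    """First matching rule in the chain wins; no match leaves the packet as is."""
    for r in rules:
        if r.chain != chain:
            continue
        if r.src is not None and r.src != pkt.src:
            continue
        if r.dst is not None and r.dst != pkt.dst:
            continue
        return replace(pkt, dst=r.to) if r.target == "DNAT" else replace(pkt, src=r.to)
    return pkt

def inbound(rules: list[Rule]) -> Packet:
    """Internet -> public IP. PREROUTING sees the packet before routing."""
    return apply_chain("PREROUTING", rules, Packet(REMOTE_IP, PUBLIC_IP))

def outbound(rules: list[Rule]) -> Packet:
    """PC -> Internet. POSTROUTING sees the packet after routing."""
    return apply_chain("POSTROUTING", rules, Packet(INSIDE_IP, REMOTE_IP))

# Greg's original rules: -s on PREROUTING matches the *source*, and no inbound
# packet carries the public address as its source, so nothing is ever DNATed.
WRONG = [Rule("POSTROUTING", INSIDE_IP, None, "SNAT", PUBLIC_IP),
         Rule("PREROUTING", PUBLIC_IP, None, "DNAT", INSIDE_IP)]
# Steve's correction: match on the destination instead.
FIXED = [Rule("PREROUTING", None, PUBLIC_IP, "DNAT", INSIDE_IP),
         Rule("POSTROUTING", INSIDE_IP, None, "SNAT", PUBLIC_IP)]
```

With WRONG, `inbound(WRONG)` returns the packet still addressed to 207.157.9.99, so it is delivered to the firewall's eth1 alias instead of the PC; with FIXED, the destination becomes 10.227.101.4 inbound and the source becomes 207.157.9.99 outbound.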