Hi, I'm not currently part of the mailing list, so please carbon me on any replies.

The current configuration is:

Firewall (2 interfaces):
    eth0:   a.b.c.d
    eth0:1  a.b.c.e  (e = d+1 ... I got a small netblock of about 5 IPs)
    eth1:   192.168.0.1

Internal Web Server (1 interface):
    eth0:   192.168.0.2

a.b.c.d and a.b.c.e are public IP addresses.

The current rules I'm using are these:

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source a.b.c.d
    iptables -t nat -A PREROUTING -i eth0 -d a.b.c.e -p tcp --dport 1000 -j DNAT --to-destination 192.168.0.2
    iptables -t nat -A PREROUTING -i eth0 -d a.b.c.e -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2

Everything looks like it's fine and dandy; from the outside of eth0 everything is fine. I can connect to both port 1000 and port 80 on eth0:1 from any outside source.

I have another internal machine on 192.168.0.3. The problem I am currently having is that the 192.168.0.3 machine cannot connect to the forwarded ports on the eth0:1 (a.b.c.e) interface, ports 1000 and 80. All I seem to get is a "Connection Refused" unless I add the rule:

    iptables -t nat -A PREROUTING -i eth1 -d a.b.c.e -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2

in which case I get a hung connection in "SYN_SENT" with an incoming connection to the 192.168.0.2 machine.

Any help would greatly be appreciated.

Thanks in advance,
Justin Booth
jbooth@xxxxxxxxxx
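The symptom in the post is the classic NAT hairpin (NAT loopback) case. Without a DNAT rule on eth1, a LAN client's SYN to a.b.c.e terminates on the firewall itself (a.b.c.e is a local address on eth0:1 and nothing listens on 80 or 1000 there), hence "Connection Refused". With only the eth1 DNAT rule, the SYN is rewritten to 192.168.0.2, but the server sees a source of 192.168.0.3 on its own subnet and sends the SYN/ACK straight back, bypassing the firewall; the client sent its SYN to a.b.c.e, so a SYN/ACK from 192.168.0.2 does not match and the connection sits in SYN_SENT. The fix is to also SNAT those hairpinned connections to the firewall's LAN address so the return path goes back through the firewall. The script below is an added example, not part of the poster's configuration; it assumes the addresses and interfaces named in the post (a.b.c.e, eth1, 192.168.0.1, 192.168.0.2, 192.168.0.0/24) and ports 80 and 1000, and it only prints the commands unless APPLY=1 is set, so it can be reviewed before touching a live firewall.

```shell
#!/bin/sh
# Hairpin NAT for the layout in the post (added example; assumptions marked).
# Assumed addresses from the post:
#   firewall eth1 (LAN)  192.168.0.1      LAN network 192.168.0.0/24
#   forwarded public IP  a.b.c.e (placeholder, set to the real address)
#   internal web server  192.168.0.2      forwarded ports 80 and 1000
# Set APPLY=1 to execute; by default the commands are only echoed.

PUB_FWD="a.b.c.e"          # placeholder for the forwarded public address
LAN_IF="eth1"
LAN_NET="192.168.0.0/24"
FW_LAN_IP="192.168.0.1"
SERVER="192.168.0.2"
PORTS="80 1000"

# Print or execute one command depending on APPLY.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# Emit the rules a LAN client needs for one forwarded port:
#  1. DNAT on the LAN interface, so a.b.c.e:port from 192.168.0.x is
#     rewritten to the server (the rule the poster already tried);
#  2. SNAT of the same connections to the firewall's LAN address, so the
#     server answers the firewall instead of the client directly, and the
#     firewall can undo both translations on the reply;
#  3. FORWARD ACCEPT for the hairpinned flow (in and out on eth1), in case
#     the FORWARD policy is DROP.
hairpin_rules() {
    port="$1"
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$PUB_FWD" \
        -p tcp --dport "$port" -j DNAT --to-destination "$SERVER"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -d "$SERVER" \
        -p tcp --dport "$port" -j SNAT --to-source "$FW_LAN_IP"
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$SERVER" \
        -p tcp --dport "$port" -j ACCEPT
}

# Count the rules hairpin_rules would emit for one port (used as a self-check).
count_rules() {
    hairpin_rules "$1" | grep -c '^iptables '
}

# Forwarding must be on; without it nothing leaves the FORWARD path at all.
run sysctl -w net.ipv4.ip_forward=1

for p in $PORTS; do
    hairpin_rules "$p"
done
```

Two caveats worth knowing before applying this. The SNAT means the web server logs every LAN client as 192.168.0.1, so the client address is lost on the server side; if that matters, the usual alternative is split-horizon DNS that resolves the site's name to 192.168.0.2 for internal clients and avoids hairpinning entirely. And the SNAT rule is deliberately restricted to `-d 192.168.0.2 --dport <port>`, so ordinary LAN-to-LAN traffic is not rewritten.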