You should add an SNAT rule, so your inside box is able to answer to the outside connection from the private IP (10.0.0.112).
# iptables -t nat -A POSTROUTING -s 10.0.0.112 -o eth0 -j SNAT --to-source public_ip
Nandor Szabo
Tried but still no cigar :(
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source EXT_IP
iptables -t nat -A POSTROUTING -s 10.0.0.112 -j SNAT --to EXT_IP
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport 3389 -j DNAT --to 10.0.0.112:3389
iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport 21 -j DNAT --to 10.0.0.112:21
iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport 80 -j DNAT --to 10.0.0.112:80
iptables -A FORWARD -i eth1 -o eth0 -s 10.0.0.112 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Looking at those rules, is there any reason why it shouldn't work? I must admit that I don't see it anymore.. I've tested quite a few other options, rewritten several rules..
Conntrack still says something like: tcp 6 87 SYN_SENT src=my_own_pc_public_ip dst=public_ip_of_linux_box sport=1108 dport=21 [UNREPLIED] src=10.0.0.112 dst=my_own_pc_public_ip sport=21 dport=1108 use=1
For each tested port. I have tried both the aliased IP and the real IP of the box. No luck..
Any thoughts?
TIA,
B.
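How to read the conntrack entry quoted in the post above, as an added example that is not part of either post: the first tuple is the packet as it arrived, the second is the reply the firewall expects, so any difference between them shows which NAT was applied. The sample lines and their addresses (198.51.100.7 as the outside client, 203.0.113.10 as the firewall's public IP) are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the same layout as the entry quoted in the post.
SAMPLE = """\
tcp 6 87 SYN_SENT src=198.51.100.7 dst=203.0.113.10 sport=1108 dport=21 [UNREPLIED] src=10.0.0.112 dst=198.51.100.7 sport=21 dport=1108 use=1
tcp 6 431990 ESTABLISHED src=10.0.0.112 dst=198.51.100.7 sport=1040 dport=443 src=198.51.100.7 dst=203.0.113.10 sport=443 dport=1040 [ASSURED] use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_line(line):
    """Describe one conntrack entry, or return None if it lacks two tuples."""
    tuples = TUPLE.findall(line)
    if len(tuples) != 2:
        return None
    (o_src, o_dst, o_sp, o_dp), (r_src, r_dst, r_sp, r_dp) = tuples
    fields = line.split()
    return {
        "proto": fields[0],
        "state": fields[3] if fields[0] == "tcp" else None,
        "orig": (o_src, o_sp, o_dst, o_dp),
        # Without NAT the reply tuple is the original tuple mirrored.
        # Reply source differs from original destination: DNAT was applied.
        "dnat_to": (r_src, r_sp) if (r_src, r_sp) != (o_dst, o_dp) else None,
        # Reply destination differs from original source: SNAT was applied.
        "snat_to": (r_dst, r_dp) if (r_dst, r_dp) != (o_src, o_sp) else None,
        # [UNREPLIED]: the firewall has seen no packet in the reply direction.
        "unreplied": "[UNREPLIED]" in fields,
    }


def stalled_dnat(text):
    """Entries whose destination was rewritten but which never got a reply."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e and e["dnat_to"] and e["unreplied"]]


if __name__ == "__main__":
    for e in stalled_dnat(SAMPLE):
        src, sport, dst, dport = e["orig"]
        print("%s %s:%s -> %s:%s forwarded to %s:%s, state %s, snat=%s, no reply"
              % ((e["proto"], src, sport, dst, dport) + e["dnat_to"]
                 + (e["state"], e["snat_to"])))
```

An entry returned by `stalled_dnat` means the destination was rewritten to the inside host but no packet came back through the firewall, which points the search at the return path: FORWARD rules in both directions, the inside host's default gateway, and any firewall on the inside host itself.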