On Wed, 2003-05-21 at 16.39, B. van Ouwerkerk wrote:
>
> Tried but still no cigar :(
>
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source EXT_IP
> iptables -t nat -A POSTROUTING -s 10.0.0.112 -j SNAT --to EXT_IP
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport 3389 -j DNAT --to 10.0.0.112:3389
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport 21 -j DNAT --to 10.0.0.112:21
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport 80 -j DNAT --to 10.0.0.112:80
> iptables -A FORWARD -i eth1 -o eth0 -s 10.0.0.112 -j ACCEPT
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>

You are only allowing packets through the forward chain in the direction eth1->eth0. There is no packet allowed in the other direction.

iptables -A FORWARD -i eth0 -o eth1 -d 10.0.0.112 -p tcp -m multiport --dports 3389,21,80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto                                  http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
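An added example, not part of the original post or of Ralf's reply: a small Python check that reads iptables commands as text and lists the DNAT targets that no FORWARD rule admits while the FORWARD policy is DROP, which is the fault diagnosed above. The function names are hypothetical, the parser covers only the options used in this thread (no port ranges or negations), and the reply's rule is written with `-p tcp` and `--dports`, which the multiport match requires.

```python
import shlex

# Option -> field name; covers only the options used in this thread.
OPTS = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out", "-s": "src",
        "-d": "dst", "-p": "proto", "-j": "target", "--dport": "dports",
        "--dports": "dports", "--state": "state", "--to": "to"}

def parse(line):
    """Turn one 'iptables ...' command line into a dict of its options."""
    tok, rule = shlex.split(line)[1:], {"table": "filter"}
    for i, t in enumerate(tok):
        if t == "-P" and i + 2 < len(tok):
            rule["policy"] = (tok[i + 1], tok[i + 2])   # (chain, target)
        elif t in OPTS and i + 1 < len(tok):
            rule[OPTS[t]] = tok[i + 1]
    return rule

def admits(fwd, dnat):
    """True if FORWARD rule `fwd` accepts the first packet of a DNATed connection."""
    ip, _, port = dnat["to"].partition(":")
    port = port or dnat.get("dports", "")   # DNAT without a port keeps the original one
    return (fwd.get("target") == "ACCEPT"
            and fwd.get("in", dnat.get("in")) == dnat.get("in")
            and fwd.get("dst", ip) == ip
            and "src" not in fwd   # assumption: clients may come from any address
            and fwd.get("proto", dnat.get("proto")) == dnat.get("proto")
            and port in fwd.get("dports", port).split(",")
            and "NEW" in fwd.get("state", "NEW").split(","))

def unreachable_dnat(lines):
    """List DNAT destinations that the FORWARD chain will silently drop."""
    rules = [parse(l) for l in lines if l.startswith("iptables")]
    pol = [r["policy"][1] for r in rules if r.get("policy", ("",))[0] == "FORWARD"]
    if not pol or pol[-1] != "DROP":
        return []   # default policy ACCEPT: forwarding is not filtered
    fwd = [r for r in rules if r["table"] == "filter" and r.get("chain") == "FORWARD"]
    dnat = [r for r in rules if r["table"] == "nat" and r.get("target") == "DNAT"]
    return [d["to"] for d in dnat if not any(admits(f, d) for f in fwd)]

# Rules from the quoted post (EXT_IP is the post's own placeholder).
POSTED = [f"iptables -t nat -A PREROUTING -i eth0 -p tcp -d EXT_IP --dport {p} "
          f"-j DNAT --to 10.0.0.112:{p}" for p in (3389, 21, 80)] + [
    "iptables -A FORWARD -i eth1 -o eth0 -s 10.0.0.112 -j ACCEPT",
    "iptables -P FORWARD DROP"]
# Rules from the reply, written with -p tcp and --dports.
REPLY = ["iptables -A FORWARD -i eth0 -o eth1 -d 10.0.0.112 -p tcp -m multiport "
         "--dports 3389,21,80 -m state --state NEW -j ACCEPT",
         "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"]

if __name__ == "__main__":
    print("before:", unreachable_dnat(POSTED))
    print("after: ", unreachable_dnat(POSTED + REPLY))
```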