yes, sorry about my english .. I have nat compiled as kernel module ... I found the problem I fix it ... I must compile the kernel with this ... Networking options ---> IP: Netfilter Configuration --->[*] NAT of local connections (READ HELP) When I include this the rule of the output chain was accept I hope this help anyone. Again sorry about my english y thanks for all Best regards, Diego ----- Original Message ----- From: "Thomas Klettke" <thomas@xxxxxxxxxx> To: "Diego R. Rodriguez Herlein" <diegorh@xxxxxxxxxxxxxx> Cc: "Leszek Zur" <lzur@xxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Wednesday, September 10, 2003 9:29 PM Subject: Re: POSTROUTING & DNAT > Diego, > I'm not quite sure about your answer, I understand from it this: > > You do not have NAT support compiled into your kernel. > You have it compiled as a kernel module though. > > Is this correct? > > > > > On Wed, 2003-09-10 at 16:55, Diego R. Rodriguez Herlein wrote: > > nop > > like module ... > > I am really lost about it > > Thank you for your answer! > > Regards, > > > > Diego > > > > PD Sorry about my english > > ----- Original Message ----- > > From: "Thomas Klettke" <thomas@xxxxxxxxxx> > > To: "Diego R. Rodriguez Herlein" <diegorh@xxxxxxxxxxxxxx> > > Cc: "Leszek Zur" <lzur@xxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx> > > Sent: Wednesday, September 10, 2003 8:59 AM > > Subject: Re: POSTROUTING & DNAT > > > > > > > Is NAT support compiled into the kernel? > > > > > > > > > On Tue, 2003-09-09 at 22:39, Diego R. Rodriguez Herlein wrote: > > > > Sorry those are my rules (DMZ) > > > > > > > > HTTP > > > > # > > > > iptables -t nat -A PREROUTING -p tcp -d $IP_REAL --dport 80 -j DNAT \ > > > > --to-destination $IP_DMZ > > > > iptables -t nat -A POSTROUTING -p tcp -d $IP_DMZ --dport 80 -j SNAT \ > > > > --to-source $IP_LAN > > > > iptables -t nat -A OUTPUT -p tcp -d $IP_REAL --dport 80 -j DNAT \ > > > > --to-destination $IP_DMZ > > > > # > > > > # > > > > # > > > > work great with rh 7.1 kernel 2.4.17 > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Leszek Zur" <lzur@xxxxxxxxxxxxx> > > > > To: <netfilter@xxxxxxxxxxxxxxxxxxx> > > > > Sent: Thursday, May 22, 2003 10:01 AM > > > > Subject: POSTROUTING & DNAT > > > > > > > > > > > > > Hello > > > > > > > > > > iptables -t nat -A OUTPUT -d 1.1.1.1 -j DNAT --to-destination 2.2.2.2 > > > > > iptables: Invalid argument > > > > > > > > > > Can anyone help me understand what is happening? > > > > > > > > > > iptables v1.2.8 > > > > > kernel 2.4.20 > > > > > > > > > > thnx > > > > > > > > > > Leszek > > > > > > > > > > > > > > > > > > > > > > > > >
