What you are trying to do is not possible with a straightforward
configuration. You have to get the concept of DNAT right. DNAT only works
when the DNAT IP address is on a separate subnet.

For example,

    192.168.0.1 <-> 192.168.0.254 <-> 192.168.1.1

you can DNAT requests coming from 192.168.0.1 to 192.168.0.254 to
192.168.1.1 by doing

    /sbin/iptables -t nat -I PREROUTING -s 192.168.0.1 -p tcp --dport www -j DNAT --to-destination 192.168.1.1

Venkatesh K

----- Original Message -----
From: "Jose Pascual" <jose.pascual@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Monday, October 06, 2003 6:00 PM
Subject: NAT problem

> Hi all,
> I am new to using iptables and surely this will be an easy and stupid
> question, but perhaps you can help me. I want to understand NAT so I am
> trying to do the following:
>
> I have three computers in my LAN (192.168.1.1, 192.168.1.2 and
> 192.168.1.3). 192.168.1.1 has a web server and I would like to access it
> through 192.168.1.2 with NAT. For example, opening my browser on
> 192.168.1.3 and connecting to 192.168.1.2, I should see the same as if I
> connected to the 192.168.1.1 web server directly, so I have done the
> following on 192.168.1.2:
>
>     iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1
>
>     iptables -t nat -A POSTROUTING -p tcp --sport 80 -j SNAT --to-source 192.168.1.2
>
> However, it doesn't work. Can anyone help me?
>
> Thanks
>
> Regards
> Jose Pascual
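Added example, not part of either message: a small Python model of the three-host LAN from the question, tracing where the server's reply goes when the SNAT rule matches on `--sport 80` as posted, and when it matches the DNATed request instead. The names `Pkt`, `nat_box`, `connect`, `sport_rule` and `dport_rule`, the client port 40000, and the `-d 192.168.1.1 --dport 80` match are assumptions made for this illustration.

```python
"""Toy model of the LAN in the post: where the web server's reply ends up."""
from dataclasses import dataclass, replace

CLIENT, NATBOX, SERVER = "192.168.1.3", "192.168.1.2", "192.168.1.1"  # from the post

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int

def nat_box(pkt, snat_match):
    """NAT the first packet of a connection the way the nat table would."""
    out = pkt
    if out.dport == 80:              # PREROUTING: --dport 80 -j DNAT --to-destination SERVER
        out = replace(out, dst=SERVER)
    if snat_match(out):              # POSTROUTING: <match> -j SNAT --to-source NATBOX
        out = replace(out, src=NATBOX)
    return out

def connect(snat_match, client_port=40000):   # client_port is a constructed sample value
    """Return (reply as seen by the client, whether the client's TCP stack accepts it)."""
    syn = Pkt(CLIENT, NATBOX, client_port, 80)
    fwd = nat_box(syn, snat_match)
    reply = Pkt(fwd.dst, fwd.src, fwd.dport, fwd.sport)      # server answers what it saw
    if reply.dst == NATBOX:
        # Reply returns through the NAT box; conntrack reverses both translations.
        reply = Pkt(syn.dst, syn.src, syn.dport, syn.sport)
    # Otherwise the server delivers straight to the client (same subnet), untranslated.
    accepted = (reply.src, reply.sport, reply.dst) == (syn.dst, syn.dport, syn.src)
    return reply, accepted

def sport_rule(p):
    """SNAT match from the post (--sport 80): the request's source port is not 80."""
    return p.sport == 80

def dport_rule(p):
    """Assumed alternative match: -d 192.168.1.1 --dport 80 (not from the thread)."""
    return p.dst == SERVER and p.dport == 80

if __name__ == "__main__":
    for name, rule in (("--sport 80", sport_rule), ("-d SERVER --dport 80", dport_rule)):
        reply, ok = connect(rule)
        print(f"SNAT match {name}: reply from {reply.src}, accepted={ok}")
```

In the first case the client receives a segment from 192.168.1.1 for a connection it opened to 192.168.1.2 and discards it; in the second the server only ever sees 192.168.1.2, so the reply passes back through the NAT box.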