Your SNAT rule should be matching dport, not sport. Do you have a rule in FORWARD table on 192.168.1.2 that ACCEPTs this traffic? And is 192.168.1.2 configured to even allow forwarding? j On Mon, 2003-10-06 at 08:30, Jose Pascual wrote: > Hi all, > I am new using iptables and surelly this wil be an easy and stupid question > but perhaps you can help me. I want to understand NAT so I am trying to do > the following: > > I have three computers in my LAN (192.168.1.1; 192.168.1.2 and 192.168.1.3). > 192.168.1.1 has a web server and I would like to access it through > 192.168.1.2 with NAT. For example openning my browser in 192.168.1.3 and > connecting to 192.168.1.2 I should see the same as if I connected to > 192.168.1.1 web server directly, so I have done the following in > 192.168.1.2: > > iptables -t nat -A PREROUTING -p tcp --dport 80 -j > DNAT --to-destination 192.168.1.1 > > > iptables -t nat -A POSTROUTING -p tcp --sport 80 -j SNAT > --to-source 192.168.1.2 > > However it doesn't work. Anyone can help me? > > Thanks > > Regards > Jose Pascual >
