RE: 1 webserver NATd, 2nd won't work

> I will be using pseudonyms for the machines and public IP addresses
> The two web servers are:
> NAME		INTERNAL IP ADDRESS	PUBLIC IP ADDRESS
> 
> marge.prl.ca 	192.168.0.244		8.8.8.149
> homer.prl.ca	192.168.0.211		8.8.8.148
...
> I have successfully NAT'd the first web server marge with the 
> following instructions:
> #Open ports on Marge
> #First the regular port 80
> /sbin/iptables -A FORWARD -j ACCEPT -p tcp --dport 80
> /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 
> -j DNAT --to 192.168.0.244:80

If this is your first PREROUTING rule, it will match *all* http traffic
coming in at eth1 since you didn't specify a destination IP (-d <ip>).

> But when I try to NAT homer with the following commands I can 
> NOT find the page outside of 
> our network.  
> #Opening a route to Homer
> /sbin/iptables -A FORWARD -j ACCEPT -p tcp --dport 80
> /sbin/iptables -t nat -A PREROUTING -d homer.prl.ca -p tcp 
> --dport 80 -j DNAT --to 192.168.0.211:80

So this PREROUTING rule will never match. The http traffic was already
caught by the previous rule.
Besides, the way you're using it you only need the FORWARD rule once.

In short, I think it would be:
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i eth1 -d marge.prl.ca \
  -p tcp --dport 80 -j DNAT --to 192.168.0.244:80
/sbin/iptables -t nat -A PREROUTING -i eth1 -d homer.prl.ca \
  -p tcp --dport 80 -j DNAT --to 192.168.0.211:80


Gr,
Rob
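To make the first-match behaviour behind Rob's answer concrete, here is an added example (not part of the list post or of netfilter) that parses the two rule sets in the syntax `iptables -t nat -S PREROUTING` prints and evaluates a packet against them in order, the way the kernel does. The rule lines and packet tuples are constructed here, with the hostnames from the thread replaced by the pseudonymous public IPs it gives.

```python
import shlex

# Rules as `iptables -t nat -S PREROUTING` would list them (constructed here,
# hostnames from the post resolved to the public IPs the post gives).
ORIGINAL = [  # the poster's rules: first one has no -d, so it catches everything
    "-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.244:80",
    "-A PREROUTING -d 8.8.8.148/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.211:80",
]
FIXED = [  # Rob's version: each rule restricted to its own public address
    "-A PREROUTING -i eth1 -d 8.8.8.149/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.244:80",
    "-A PREROUTING -i eth1 -d 8.8.8.148/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.211:80",
]

def parse_rule(line):
    """Pick the matches and the DNAT target out of one `-S` style rule line."""
    toks = shlex.split(line)
    rule = {"in": None, "dst": None, "proto": None, "dport": None, "to": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-i":            rule["in"] = toks[i + 1]; i += 2
        elif t == "-d":          rule["dst"] = toks[i + 1].split("/")[0]; i += 2
        elif t == "-p":          rule["proto"] = toks[i + 1]; i += 2
        elif t == "--dport":     rule["dport"] = int(toks[i + 1]); i += 2
        elif t in ("--to-destination", "--to"):
            rule["to"] = toks[i + 1]; i += 2
        else:                    i += 1   # -A, -m tcp, -j DNAT: not needed here
    return rule

def first_match(rules, pkt):
    """Netfilter semantics: the first rule whose specified matches all fit wins."""
    for r in rules:
        if r["in"] and r["in"] != pkt["in"]:          continue
        if r["dst"] and r["dst"] != pkt["dst"]:       continue
        if r["proto"] and r["proto"] != pkt["proto"]: continue
        if r["dport"] and r["dport"] != pkt["dport"]: continue
        return r["to"]
    return None  # no rule matched: packet keeps its original destination

def dnat_target(rule_lines, in_if, dst, proto="tcp", dport=80):
    """Where does a packet arriving on in_if for dst:dport end up after PREROUTING?"""
    pkt = {"in": in_if, "dst": dst, "proto": proto, "dport": dport}
    return first_match([parse_rule(l) for l in rule_lines], pkt)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for ip in ("8.8.8.149", "8.8.8.148"):
            print(f"{name}: eth1 -> {ip}:80 DNAT to {dnat_target(rules, 'eth1', ip)}")
```

With the original rules both public addresses land on marge; with the fixed ones homer's traffic reaches 192.168.0.211.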


