RE: PLEASE HELP with DNAT problem

>> I tried to DNAT the lan back
>> to itself and
>> it just isn't working..
>
> If I think I know what you're trying to do, you are doing a LAN to LAN
> connection right?
>
> Don't forget that a LAN to LAN DNAT also must have a POSTROUTING SNAT rule
> so the destination server replies back via the firewall/NAT server.
> Otherwise it'll reply directly to the client and the client will drop the
> packet immediately.
Ok.. I guess this is what I'm missing.  I'm not sure where I should be
source natting to however.

The packet starts at lan....destined for internet...now..it supposedly
should get DNATED back to lan..... now like I say..after the first DNAT
rule that DNATS it back to the lan, it hits another one that DNATs
it to the DMZ, but this one doesn't have the port specific information, as
normally I'd want it ending up in the DMZ.

I just don't see how a SNAT fits in here.  But then that's why I'm asking
for help.

Thanks again
Aaron P. Martinez
>
> Have you done any tcpdumping or -j LOGing??
>
> Thanks,
> ____________________________________________
> George Vieira
> Systems Manager
> georgev@xxxxxxxxxxxxxxxxxxxxxx
>
> Citadel Computer Systems Pty Ltd
> http://www.citadelcomputer.com.au
>
> Phone   : +61 2 9955 2644
> HelpDesk: +61 2 9955 2698
>
>
>> -----Original Message-----
>> From: ml@xxxxxxxxxxxxxx [mailto:ml@xxxxxxxxxxxxxx]
>> Sent: Friday, 31 October 2003 1:18 PM
>> To: netfilter@xxxxxxxxxxxxxxxxxxx
>> Subject: PLEASE HELP with DNAT problem
>
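
The return-path problem raised in the quoted reply (a LAN-to-LAN DNAT needs a POSTROUTING SNAT), traced as an added example that is not part of either poster's message. All addresses are constructed, and the iptables rules in the comments are an assumed equivalent setup, not the poster's actual ruleset.

```python
# Constructed addresses (assumptions, not taken from the thread).
CLIENT = "192.168.1.10"   # LAN client
SERVER = "192.168.1.20"   # LAN server the DNAT rule points at
FW_LAN = "192.168.1.1"    # firewall's LAN-side address
PUBLIC = "203.0.113.5"    # public address the client connects to

# Assumed rules being modelled:
#   iptables -t nat -A PREROUTING  -s 192.168.1.0/24 -d 203.0.113.5 \
#       -p tcp --dport 80 -j DNAT --to-destination 192.168.1.20
#   iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.20 \
#       -p tcp --dport 80 -j SNAT --to-source 192.168.1.1

def hairpin(with_snat):
    """Trace one connection; return (reply_path, reply_src_seen, accepted)."""
    # The client sends to the public address and expects the answer from it.
    src, dst = CLIENT, PUBLIC
    expected_peer = dst
    # PREROUTING DNAT on the firewall rewrites the destination.
    dst = SERVER
    # POSTROUTING SNAT, when present, rewrites the source to the firewall.
    if with_snat:
        src = FW_LAN
    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FW_LAN:
        # Reply passes the firewall; conntrack reverses both translations.
        reply_src, reply_dst = PUBLIC, CLIENT
        path = "server -> firewall -> client"
    else:
        # Same subnet: the server delivers directly, bypassing the firewall,
        # so nothing restores the original (public) address.
        path = "server -> client (direct)"
    # The client only accepts a reply from the peer it opened the flow to.
    return path, reply_src, reply_src == expected_peer

if __name__ == "__main__":
    for snat in (False, True):
        path, seen, ok = hairpin(snat)
        print(f"SNAT={snat}: {path}, reply from {seen}, "
              f"{'accepted' if ok else 'dropped by client'}")
```
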


