On December 18, 2003 02:48 pm, Cristian Goian wrote:
> Hi,
> I have a PII/500 PC with eth0=public address, eth1=192.168.0.1 for DMZ and
> eth2=192.168.1.1 for LAN. I have DNAT for web to my DMZ (TCP) working and
> DNAT for DNS to my DMZ (UDP) not working. Kernel is 2.4.18, iptables 1.2.7a.
> No services on that box.
> From inside (LAN) I can connect to the web server using the IP address (NATed) and
> not by name (DNS not being able to reach). All traceroutes go through the NAT box
> without being DNAT-ed (to the default gateway outside to my ISP), a problem
> similar to "DNATing packets sent to the NATing box" posted a couple of days
> before by someone else, but no service on mine. The DNS in the DMZ are working
> 100%. Same for the web server, which I can reach.
>
> It's like DNAT is working for TCP and not for UDP.

I think we need much more info to proceed here, but it rather sounds like your problems are as follows:

1) Your rules to allow connections from the LAN to the DMZ are correct.
2) You have not set up rules to allow the LAN ICMP access to the DMZ (that's likely wise).
3) You have not set up rules to allow your LAN clients access to sufficient other services to connect correctly (i.e. DNS and whatever else they need).

You might want to post the relevant rules here (minus uniquely identifying IP addresses, of course).

HTTP connections are only on TCP. If the webserver is also your DNS server, you need to set up rules for TCP port 53 and UDP port 53 that follow the routing that your TCP port 80 rules do.

> Many thanks in advance for any help
>
> CFG
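As an added illustration of the last point (this is example code written for this thread, not rules posted by either participant), the script below generates a matching DNAT plus FORWARD rule pair for each published service, so that TCP 53 and UDP 53 get exactly the same treatment as TCP 80. The DMZ host address 192.168.0.10 and the choice to match incoming traffic on both the public interface (eth0) and the LAN interface (eth2) are assumptions; the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Example rule generator (not from the original thread).
# Assumed topology, taken from the question: eth0 = public, eth1 = DMZ, eth2 = LAN.
# The DMZ server address below is a constructed placeholder.
PUB_IF="eth0"
LAN_IF="eth2"
DMZ_IF="eth1"
DMZ_HOST="192.168.0.10"

# publish_service PROTO PORT
# Prints the rules for one service: a PREROUTING DNAT for each interface that
# clients arrive on (public and LAN), plus the FORWARD accept that lets the
# translated packet reach the DMZ. UDP and TCP get identical rules, which is
# the point made in the reply: DNAT is per-protocol, so port 53 needs both.
publish_service() {
  proto="$1"
  port="$2"
  for in_if in "$PUB_IF" "$LAN_IF"; do
    printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s\n' \
      "$in_if" "$proto" "$port" "$DMZ_HOST"
  done
  printf 'iptables -A FORWARD -o %s -p %s --dport %s -d %s -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
    "$DMZ_IF" "$proto" "$port" "$DMZ_HOST"
}

# rules_for_dmz prints the complete set: web on TCP 80, DNS on TCP 53 and UDP 53.
rules_for_dmz() {
  publish_service tcp 80
  publish_service tcp 53
  publish_service udp 53
}

# count_rules PATTERN: how many generated lines mention PATTERN (used for self-checks).
count_rules() {
  rules_for_dmz | grep -c -- "$1"
}

rules_for_dmz
```

Run it, check that every service appears once per interface in the nat table and once in FORWARD, and only then feed the output to the shell on the NAT box. A reply rule for ESTABLISHED,RELATED traffic in the opposite direction (DMZ back to the client) is still needed and is left out here because it does not depend on the service list.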