On Monday 05 April 2004 6:14 pm, Oleg Savostyanov wrote:
> I get lost, trying to do a very simple thing...
> My mail server is inside my lan with IP 10.10.10.252
> I need to open port 25 of my mailserver to the universe
> I made following
> 1)I permit in forward chain packets with dest. port 25
> and
> 2)do DNAT in PREROUTING chain
>
> when I try to telnet to $EXTIP on 25 from outside
> telnet: Unable to connect to remote host: Connection refused
Your FORWARD rule needs to allow the packets to the real IP address
(10.10.10.252) because the packets have already been translated by the
PREROUTING rule by the time they get to FORWARD.
Regards,
Antony.
--
I want to build a machine that will be proud of me.
- Danny Hillis, creator of The Connection Machine
Please reply to the list;
please don't CC me.
