Re: Reaching internal computers through the external ipaddress inside private network

Christopher Abrahamsson sighed and wrote:

> Hi
>
> I've been trying to solve this problem for quite some time now, but I
> can't really figure out how...
> Here's my current setup:
>                               _ my computer (10.0.0.3)
>                              |
> internet - iptables gateway -|- my server(web, mail etc) (10.0.0.2)
>             (212.181.43.20)  |
>                              |_ a bunch of other computers (10.0.0.x)
>
>
I believe you firstly need to do a NAT prerouting and then after the
forward lines, you need a POSTROUTING NAT command.  Here's my
stab at this, given your situation:


iptables -t nat -A PREROUTING -i eth1 -p tcp -d 212.181.43.20 \
               --dport 80 -j DNAT --to 10.0.0.2

#not too sure if the next line is needed.
iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -p tcp --dst 10.0.0.2 \
           --dport 80 -s 10.0.0.3 -j SNAT --to-source 212.181.43.20

Mind you, I think the last line above, the --to-source should be
pointing to your gateway's internal IP and not the external one.
If your gateway's internal IP is 10.0.0.20, then the above should
be:

iptables -t nat -A POSTROUTING -o eth1 -p tcp --dst 10.0.0.2 \
           --dport 80 -s 10.0.0.3 -j SNAT --to-source 10.0.0.20

Can someone point out if I got the above correct?

Edmund
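As an added example (not code from this thread), here is a complete hairpin-NAT rule set for the situation Christopher describes, a LAN client reaching the server through the gateway's public address; it assumes eth1 is the external interface, eth0 the LAN interface, 10.0.0.20 the gateway's LAN address and 10.0.0.0/24 the LAN, none of which the post states. It prints the rules by default so they can be reviewed before APPLY=1 runs them.

```shell
#!/bin/sh
# Hairpin (NAT loopback) rules for an iptables gateway. Assumed values (not
# from the original post): eth1 = external interface, eth0 = LAN interface,
# 10.0.0.20 = gateway LAN address, 10.0.0.0/24 = LAN.
# hairpin_nat_rules EXT_IP SERVER_IP PORT EXT_IF INT_IF GW_INT_IP LAN
hairpin_nat_rules() {
    ext_ip="$1"; srv_ip="$2"; port="$3"
    ext_if="$4"; int_if="$5"; gw_int_ip="$6"; lan="$7"

    # 1. Internet -> server: the ordinary port forward on the external interface.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $ext_ip --dport $port -j DNAT --to-destination $srv_ip"
    # 2. LAN -> public address: this packet arrives on the *internal* interface,
    #    so rule 1 never sees it; it needs its own DNAT, limited to LAN sources.
    echo "iptables -t nat -A PREROUTING -i $int_if -s $lan -p tcp -d $ext_ip --dport $port -j DNAT --to-destination $srv_ip"
    # 3. FORWARD: replies first, then the two new-connection paths (after DNAT the
    #    destination is already the server's LAN address).
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $ext_if -o $int_if -p tcp -d $srv_ip --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -i $int_if -o $int_if -p tcp -d $srv_ip --dport $port -j ACCEPT"
    # 4. SNAT only the hairpinned connections (LAN source, leaving on the LAN
    #    interface) to the gateway's LAN address, not the public one. The server
    #    then answers the gateway, which un-DNATs the reply; otherwise the server
    #    would reply straight to the client, which expects packets from $ext_ip.
    echo "iptables -t nat -A POSTROUTING -o $int_if -s $lan -d $srv_ip -p tcp --dport $port -j SNAT --to-source $gw_int_ip"
}

# Print the rules, or execute them when APPLY=1 (needs root and iptables).
apply_hairpin_nat_rules() {
    hairpin_nat_rules "$@" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then eval "$rule"; else printf '%s\n' "$rule"; fi
    done
}

apply_hairpin_nat_rules 212.181.43.20 10.0.0.2 80 eth1 eth0 10.0.0.20 10.0.0.0/24
```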


