Re: DNAT Problem

On Thursday 22 April 2004 7:18 pm, test@xxxxxxxxxxxxxxx wrote:

> > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to
> > > 192.168.0.6:25
> >
> > I don't believe that can be your complete ruleset.
> >
> > I see nothing wrong with the above rule as it stands, however on its own
> > it's not much good - you need a FORWARD rule to allow packets through to
> > the mail server as well.
>
> Can you give me an example of the forward rule set?

iptables -A FORWARD -d a.b.c.d -p tcp --dport 25 -j ACCEPT

where a.b.c.d is the real (internal) IP address of your mail server.

> > Anyway, I thought (I may be mistaken) that the problem was not with the
> > inbound DNAT, but with SNAT?

I repeat the statement immediately above.

> Or shall I attach my complete bash script ? (is it ok ?)

Please do post the smallest ruleset which demonstrates the problem (i.e. it
allows access to your internal mailserver, but all accesses appear to be from
the firewall's IP address).

Regards,

Antony.

-- 
"The problem with television is that the people must sit and keep their eyes 
glued on a screen; the average American family hasn't time for it."

 - Report in the New York Times, following a demonstration at the 1939 World's 
Fair.

                                                     Please reply to the list;
                                                           please don't CC me.
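
An added example, not part of the original message: a small Python check that reads an `iptables-save` style ruleset and lists DNAT targets that have no FORWARD rule accepting new connections to the translated address and port, which is the gap described in the reply above. The sample ruleset is constructed (only the port-25 rules mirror the thread; 192.168.0.7, port 8080 and the state rule are assumptions), and the check ignores rule order, interfaces and user-defined chains.

```python
import ipaddress
import shlex

# Constructed iptables-save style ruleset; only the port-25 rules mirror the thread.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.0.6:25
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.7:8080
*filter
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.168.0.6/32 -p tcp --dport 25 -j ACCEPT
"""

def parse_rules(text):
    """Yield (table, chain, opts) per -A line; opts maps each flag to its value."""
    table = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok, opts, i = shlex.split(line), {}, 2
            while i < len(tok):
                has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
                opts[tok[i]] = tok[i + 1] if has_val else ""
                i += 2 if has_val else 1
            yield table, tok[1], opts

def covers(acc, ip, port, proto):
    """True if a FORWARD ACCEPT rule admits new connections to ip:port."""
    state = acc.get("--state") or acc.get("--ctstate")
    if state and "NEW" not in state.split(","):
        return False  # ESTABLISHED/RELATED-only rules never admit the first SYN
    net = ipaddress.ip_network(acc.get("-d", "0.0.0.0/0"), strict=False)
    return (ipaddress.ip_address(ip) in net and acc.get("-p", proto) == proto
            and acc.get("--dport", port) == port)

def unforwarded_dnat(text):
    """Return (ip, port) DNAT targets that no FORWARD ACCEPT rule lets through."""
    rules = list(parse_rules(text))
    accepts = [o for t, c, o in rules
               if (t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT")]
    missing = []
    for t, c, o in rules:
        if (t, c, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            # FORWARD sees the packet after DNAT, so match the translated ip:port.
            ip, _, port = (o.get("--to-destination") or o.get("--to", "")).partition(":")
            port = port or o.get("--dport", "")  # DNAT without a port keeps the original
            if not any(covers(a, ip, port, o.get("-p")) for a in accepts):
                missing.append((ip, port))
    return missing
```

On the constructed sample, `unforwarded_dnat(SAMPLE)` reports 192.168.0.7:8080, because its only candidate FORWARD rule matches established traffic and never admits the first packet.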


