Hi Antony,

Sorry for the confusion.

> On Sunday 02 May 2004 3:24 pm, Jee J.Z. wrote:
>
> > Hi all,
> >
> > My rules on a gateway linux box (PC2) are set as follows:
> >
> > Internet(PC1 and so on)-----------(eth0:global_ip)-PC2-(eth1:192.168.0.1)-------------Internal
> > networks(PC3(192.168.0.2) and so on...)
> >
> > iptables -F
> > iptables -F -t nat
> > iptables -I FORWARD -j QUEUE
> > iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to global_ip
> > iptables -t nat -A PREROUTING -i eth1 -j DNAT --to 192.168.0.2
>
> That is a weird-looking rule. Where does IP 192.168.0.2 exist on the above
> diagram?

It's the internal IP of PC3. I modified the diagram a little bit. Thank you.

Jee

> > ICMP echo request packets from PC1 or PC3 to PC2 can be caught by the
> > FORWARD chain queuing to userspace, however, ICMP echo reply (in response
> > to ping request from PC2) packets from PC1 or PC3 to PC2 will be ignored by
> > the FORWARD chain. Is this a reasonable phenomenon? Could anyone tell me
> > the reasons? Thanks a lot in advance!
> >
> > Cheers,
> > Jee
>
> --
> Ramdisk is not an installation procedure.
>
> Please reply to the list;
> please don't CC me.