Re: DMZ to DMT through ROUTER problem !

On Thursday 20 May 2004 18:07, Antony Stone wrote:
> What about the rest of rc.firewall?   You have posted your POSTROUTING SNAT
> rules - do you have any PREROUTING DNAT rules to convert 151.8.47.B into
> 192.168.0.3?

Yes! Here it is (for SIENA only):

$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_SIENA_IP -m multiport --dports 25,53,110 -j allowed
$IPTABLES -A FORWARD -p UDP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_SIENA_IP -m multiport --dports 53 -j allowed

$IPTABLES -A FORWARD -p ICMP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_SIENA_IP -j icmp_packets

$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $SIENA_IP -m multiport --dports 25,53,80,110 -j DNAT --to-destinati$
$IPTABLES -t nat -A PREROUTING -p UDP -i $INET_IFACE -d $SIENA_IP -m multiport --dports 53 -j DNAT --to-destination $DMZ_SI$


> If you do not have any PREROUTING rules, I remain confused about how this
> was already working from the Internet as you said previously, but try:
>
> iptables -A PREROUTING -t nat -p tcp --dport 110 -d 151.8.47.B -j DNAT --to 192.168.0.3

Doesn't work :-(

-- 
"If a camel flies, no one laughs if it doesn't get very far."
		-- Paul White