On Thursday 20 May 2004 5:32 pm, O-Zone wrote:

> On Thursday 20 May 2004 18:07, Antony Stone wrote:
> > What about the rest of rc.firewall? You have posted your POSTROUTING
> > SNAT rules - do you have any PREROUTING DNAT rules to convert 151.8.47.B
> > into 192.168.0.3?
>
> Yes! Here it is (for SIENA only):
>
> $IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $SIENA_IP -m
> multiport - --dports 25,53,80,110 -j DNAT --to-destinati$
> $IPTABLES -t nat -A PREROUTING -p UDP -i $INET_IFACE -d $SIENA_IP -m
> multiport - --dports 53 -j DNAT --to-destination $DMZ_SI$

Your PREROUTING DNAT rules specify the input interface (-i $INET_IFACE),
therefore they do not apply to packets arriving on any other interface.

Change this, either by removing the -i option altogether, or by adding extra
rules to apply to the other interface/s on your firewall from which you want
to allow packets to be DNATted, and things should work.

Regards,

Antony.

--
If the human brain were so simple that we could understand it, we'd be so
simple that we couldn't.

Please reply to the list; please don't CC me.
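
The two fixes suggested in the reply above, as an added example that is not part of the original thread: a dry-run shell generator that prints the DNAT rules either with no `-i` match or once per listed interface. The public address, interface names and function names are assumptions; 192.168.0.3 is the internal address mentioned in the thread.

```shell
#!/bin/sh
# Added example: prints iptables commands, does not run them.
IPTABLES="${IPTABLES:-iptables}"
PUBLIC_IP="203.0.113.10"   # constructed stand-in for the masked public address
DMZ_HOST="192.168.0.3"     # internal address mentioned in the thread
INET_IFACE="eth0"          # assumed interface names
LAN_IFACE="eth1"

# Emit one PREROUTING DNAT rule.
#   $1 = protocol, $2 = comma-separated ports, $3 = input interface
#   An empty $3 omits -i, so the rule matches on every interface.
dnat_rule() {
    proto=$1
    ports=$2
    in_opt=""
    if [ -n "$3" ]; then
        in_opt=" -i $3"
    fi
    echo "$IPTABLES -t nat -A PREROUTING -p $proto$in_opt -d $PUBLIC_IP" \
         "-m multiport --dports $ports -j DNAT --to-destination $DMZ_HOST"
}

# Fix 1: drop -i altogether. The -d match still limits the rewrite to
# packets addressed to the public IP, whichever interface they arrive on.
rules_any_interface() {
    dnat_rule tcp 25,53,80,110 ""
    dnat_rule udp 53 ""
}

# Fix 2: keep -i and repeat the rules for each interface passed as an argument.
rules_per_interface() {
    for ifc in "$@"; do
        dnat_rule tcp 25,53,80,110 "$ifc"
        dnat_rule udp 53 "$ifc"
    done
}

# Dry run: show the per-interface variant for the outside and LAN interfaces.
rules_per_interface "$INET_IFACE" "$LAN_IFACE"
```

After applying the real rules, `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters and the `in` column, which confirms whether traffic from the other interface is now matching.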