Let's wait with the DNS config for a moment, ok?

Answer to question 1: YES

Answer to question 2:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       6      360 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.0.100       tcp dpt:25 state NEW,RELATED,ESTABLISHED
       0        0 ACCEPT     tcp  --  eth1   eth0    192.168.0.100        0.0.0.0/0           tcp spt:25 state NEW,RELATED,ESTABLISHED

Chain PREROUTING (policy ACCEPT 20 packets, 2796 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       1       60 DNAT       tcp  --  *      *       0.0.0.0/0            10.20.30.40         tcp dpt:25 to:192.168.0.100:25

I tried to telnet in, which times out after 6 attempts.

On Monday 28 June 2004 11:18 am, Gunnar Frödin wrote:

> Ok about the split DNS, I'm new at this (Linux) but I think I know, but if
> you have the time, some more info would be good, there is a DNS on
> 192.168.0.100

Is that DNS server providing responses to internal clients only, or to
external clients as well (in which case, how have you done the DNAT rules for
that one!?)

> The real problem is that the port forwarding does not work at all !!!

What, not even from the outside? Hm. The ruleset you posted looked sensible
enough.

Two questions then:

1. Is the public address 217.215.x.x which you are using as the original
   destination in your DNAT rule bound to the external interface (eth0) of the
   firewall?

2. What do the packet counts for the appropriate rules show from
   "iptables -L FORWARD -nvx; iptables -L PREROUTING -t nat -nvx"?

The packet counts should show us whether packets are:
a) arriving
b) getting DNATted
c) being FORWARDed
d) getting replies

Regards,

Antony.

-- 
Ramdisk is not an installation procedure.

Please reply to the list;
please don't CC me.
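
Added example, not part of the original messages: a small Python reader for the "iptables -L ... -nvx" counters posted above, reporting the first of the stages Antony lists (DNATted, FORWARDed, replies) whose counter is still zero. The function names are hypothetical, and eth0/eth1 as outside/inside interfaces are taken from the thread.

```python
import re

# Counter output copied from the message above (iptables -nvx format).
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       6      360 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.0.100       tcp dpt:25 state NEW,RELATED,ESTABLISHED
       0        0 ACCEPT     tcp  --  eth1   eth0    192.168.0.100        0.0.0.0/0           tcp spt:25 state NEW,RELATED,ESTABLISHED
Chain PREROUTING (policy ACCEPT 20 packets, 2796 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       1       60 DNAT       tcp  --  *      *       0.0.0.0/0            10.20.30.40         tcp dpt:25 to:192.168.0.100:25
"""

def parse_counters(text):
    """Return {chain: [rule dict, ...]} from `iptables -L -nvx` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split(None, 9)
        if current is None or len(f) < 9 or not f[0].isdigit():
            continue  # header row, blank line, or text outside a chain
        current.append({"pkts": int(f[0]), "bytes": int(f[1]), "target": f[2],
                        "in": f[5], "out": f[6], "src": f[7], "dst": f[8],
                        "match": (f[9] if len(f) > 9 else "").split()})
    return chains

def trace_forward(text, server, port, wan="eth0", lan="eth1"):
    """Packet counts for each stage of one DNAT port forward."""
    c = parse_counters(text)
    def hits(chain, pred):
        return sum(r["pkts"] for r in c.get(chain, []) if pred(r))
    return {
        "dnat": hits("PREROUTING", lambda r: r["target"] == "DNAT"
                     and f"to:{server}:{port}" in r["match"]),
        "forwarded": hits("FORWARD", lambda r: (r["in"], r["out"]) == (wan, lan)
                          and r["dst"] == server and f"dpt:{port}" in r["match"]),
        "replied": hits("FORWARD", lambda r: (r["in"], r["out"]) == (lan, wan)
                        and r["src"] == server and f"spt:{port}" in r["match"]),
    }

def first_stalled(stages):
    """Name of the first stage with a zero counter, or None if all saw traffic."""
    return next((name for name, n in stages.items() if n == 0), None)

if __name__ == "__main__":
    print(first_stalled(trace_forward(SAMPLE, "192.168.0.100", 25)))
```

On these counters it reports "replied" as the first stage with no traffic. The DNAT count is lower than the FORWARD count because nat-table rules are matched only by the first packet of each connection.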