On Saturday 10 July 2004 10:39 pm, Frédéric Gonzatti wrote:

> My iptables rules are :
> ##########################################"
> iptables -F
> iptables -X
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> iptables -t filter -A INPUT -i lo -j ACCEPT
> iptables -t filter -A OUTPUT -o lo -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth2 -j DNAT --to 192.168.2.151:25
>
> #################################################"
>
> It's a very simple test. But unfortunately it doesn't work.

You need a FORWARD rule to allow the packets through the firewall after being
DNATted - you also need to allow the reply packets.

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -d 192.168.2.151 -j ACCEPT

I recommend Oskar Andreasson's tutorial
http://iptables-tutorial.frozentux.net to you.

Regards,

Antony.

-- 
The lottery is a tax for people who can't do maths.

Please reply to the list;
please don't CC me.
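
The gap discussed in this thread can be checked mechanically. The following is an added example, not part of either message: it lints an `iptables-save` dump for DNAT targets that no FORWARD ACCEPT rule in the filter table lets through, and for a missing reply-traffic rule. The function names `check_dnat_forward` and `sample_dump` are hypothetical, and the sample dump is constructed from the quoted ruleset.

```shell
# Lint an iptables-save dump read from stdin: report each DNAT target that no
# filter/FORWARD ACCEPT rule lets through, and a missing rule for replies.
check_dnat_forward() {
    awk '
    /^\*/ { table = $1 }
    table == "*filter" && /^:FORWARD / { policy = $2 }
    /^-A / {
        chain = $2; target = to = dst = dport = state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j")               target = $(i + 1)
            if ($i == "--to-destination") to     = $(i + 1)
            if ($i == "-d")               dst    = $(i + 1)
            if ($i == "--dport")          dport  = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (target == "DNAT" && to != "") {
            if (to !~ /:/) to = to ":" dport   # no port rewrite: port is kept
            dnat[to] = 1
        }
        if (table == "*filter" && chain == "FORWARD" && target == "ACCEPT") {
            sub(/\/32$/, "", dst)              # iptables-save prints host/32
            if (state ~ /ESTABLISHED/) replies = 1
            if (dst != "" && dport != "") allowed[dst ":" dport] = 1
        }
    }
    END {
        if (policy == "ACCEPT") exit           # nothing is dropped by default
        for (t in dnat) if (!(t in allowed)) print "no FORWARD ACCEPT for " t
        if (!replies) print "no FORWARD ACCEPT for ESTABLISHED,RELATED replies"
    }'
}

# Constructed sample: the quoted ruleset as iptables-save would print it.
sample_dump() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth2 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.2.151:25
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}
sample_dump | check_dnat_forward
```

On a live firewall the same function can be fed with `iptables-save | check_dnat_forward`; it only matches rules that name the destination host and port explicitly, so broader ACCEPT rules (subnets, port ranges) are reported as missing.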