Antony Stone wrote:
On Saturday 10 July 2004 10:39 pm, Frédéric Gonzatti wrote:
My iptables rules are :
##########################################"
iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth2 -j DNAT --to 192.168.2.151:25
#################################################"
It's a very simple test. But unfortunately it doesn't work.
You need a FORWARD rule to allow the packets through the firewall after being
DNATted - you also need to allow the reply packets.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -d 192.168.2.251 -j ACCEPT
I recommend Oskar Andreasson's tutorial http://iptables-tutorial.frozentux.net
to you.
Regards,
Antony.
Thanks Antony, I will try this.
Frederic
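
Added example, not part of the original messages: a toy Python model of the packet path discussed in this thread (nat PREROUTING, then filter FORWARD with policy DROP). It shows why the DNAT rule alone drops the connection, and that the FORWARD rule's -d must equal the DNAT --to address, since FORWARD sees the rewritten destination (the thread shows both .151 and .251). The sample packets, the client and public addresses and the interface name eth1 are constructed assumptions.

```python
# Toy model of a routed packet: nat/PREROUTING first, then filter/FORWARD.
# Only the matches used in the thread are modelled; this is not an iptables parser.

DNAT_RULE = {"in_iface": "eth2", "proto": "tcp", "dport": 25,
             "to": ("192.168.2.151", 25)}

# -m state --state ESTABLISHED,RELATED -j ACCEPT
STATE_RULE = {"match": {"state": ("ESTABLISHED", "RELATED")}, "target": "ACCEPT"}

def smtp_rule(dst):
    """-p tcp --dport 25 -d <dst> -j ACCEPT"""
    return {"match": {"proto": "tcp", "dport": 25, "dst": dst}, "target": "ACCEPT"}

def prerouting(pkt, dnat=DNAT_RULE):
    """Rewrite the destination of a NEW connection that matches the DNAT rule."""
    pkt = dict(pkt)
    if (pkt["state"] == "NEW" and pkt["in_iface"] == dnat["in_iface"]
            and pkt["proto"] == dnat["proto"] and pkt["dport"] == dnat["dport"]):
        pkt["dst"], pkt["dport"] = dnat["to"]
    return pkt

def matches(pkt, match):
    """A tuple value means 'any of these'; anything else must be equal."""
    for key, want in match.items():
        have = pkt.get(key)
        if (have not in want) if isinstance(want, tuple) else (have != want):
            return False
    return True

def forward(pkt, rules, policy="DROP"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if matches(pkt, rule["match"]):
            return rule["target"]
    return policy

def verdict(pkt, rules):
    return forward(prerouting(pkt), rules)

# Constructed sample packets (addresses are documentation ranges, eth1 is assumed).
SYN = {"in_iface": "eth2", "proto": "tcp", "src": "203.0.113.10",
       "dst": "198.51.100.1", "dport": 25, "state": "NEW"}
REPLY = {"in_iface": "eth1", "proto": "tcp", "src": "192.168.2.151",
         "dst": "203.0.113.10", "dport": 40000, "state": "ESTABLISHED"}

if __name__ == "__main__":
    for dst in ("192.168.2.151", "192.168.2.251"):
        rules = [STATE_RULE, smtp_rule(dst)]
        print(dst, "SYN:", verdict(SYN, rules), "REPLY:", verdict(REPLY, rules))
```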