On Thu, 2004-09-09 at 07:58, Tom Fischer wrote:
> On Thu, 09 Sep 2004 07:38:26 -0400
> Jason Opperisano <opie@xxxxxxxxxxx> wrote:
>
> > what are the IP addresses of $oldmachine and $newmachine (obfuscate
> > the first two octets if you must)?
>
> $oldmachine=81.16.97
> $newmachine=80.190.140
>
> There are a few IP addresses which i have to transfer to the newmachine.
>
> > are you trying to DNAT from one machine on the local network to
> > another machine on the local network? what network is the client
> > traffic sourcing from? is it the same network?
>
> No, they are on different locations. The old one is in Innsbruck,
> Austria and the new one in Munich, Germany.

for what it's worth--it sounds like your problem has much more to do with routing than with iptables firewalling. i think i may have misunderstood your original post.

are you running iptables and the DNAT rule on $oldmachine? if so, unless the reply packets from $newmachine are routed back through $oldmachine, this setup won't work (for what should be painfully obvious reasons).

if your DNAT rule is on a gateway machine upstream from both $oldmachine and $newmachine--i'd say you have a routing failure somewhere in the chain.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
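
The routing dependency described in the reply above, as an added example that is not part of the original message: a small model of a DNAT rule and its connection-tracking table, showing that the client only accepts the reply when it travels back through the box that did the DNAT. All addresses are constructed (documentation ranges), and the class and function names are hypothetical.

```python
# Added illustration: DNAT on $oldmachine and the path the reply takes.
# All addresses are constructed (RFC 5737 documentation ranges).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

CLIENT = "203.0.113.10"   # constructed client address
OLD = "192.0.2.1"         # stands in for $oldmachine
NEW = "198.51.100.1"      # stands in for $newmachine

class DnatBox:
    """Minimal model of a DNAT rule plus its connection-tracking table."""
    def __init__(self, public_ip, target_ip):
        self.public_ip, self.target_ip = public_ip, target_ip
        self.conntrack = set()  # (client ip, client port, service port)

    def forward(self, pkt):
        # DNAT on the way in: rewrite the destination, remember the flow
        self.conntrack.add((pkt.src, pkt.sport, pkt.dport))
        return replace(pkt, dst=self.target_ip)

    def reverse(self, reply):
        # Reply of a tracked flow: restore the address the client contacted
        if (reply.dst, reply.dport, reply.sport) in self.conntrack:
            return replace(reply, src=self.public_ip)
        return reply

def server_reply(pkt):
    # $newmachine answers from its own address to the packet's source
    return Packet(src=pkt.dst, sport=pkt.dport, dst=pkt.src, dport=pkt.sport)

def client_accepts(sent, reply):
    # The client matches a reply only if it comes from the address it contacted
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

def simulate(reply_via_oldmachine):
    box = DnatBox(OLD, NEW)
    syn = Packet(CLIENT, 40000, OLD, 80)
    reply = server_reply(box.forward(syn))
    if reply_via_oldmachine:
        reply = box.reverse(reply)   # reply routed back through $oldmachine
    return client_accepts(syn, reply)

if __name__ == "__main__":
    print("reply via $oldmachine:", simulate(True))
    print("reply sent directly:  ", simulate(False))
```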