Cool, I'll give that a try. Sorry about the typo in the SNAT statement.

Thanks again.

----- Original Message -----
From: Jason Opperisano <opie@xxxxxxxxxxx>
Date: Tuesday, November 16, 2004 11:48 am
Subject: Re: port Forwarding

> On Tue, 2004-11-16 at 11:44, diadicic@xxxxxxxxxxxxx wrote:
> > Can someone help me understand this?
> >
> > I have a firewall set up with two NICs in it.
> >
> > 1 eth0 24.190.x.x which is my Internet connection
> > 2 eth1 172.16.12.165 which is a local area network.
> >
> > I have a web server at 172.16.12.160 "I hope that's clear"
> >
> > Now if I port forward this way it will not work.
> >
> > "iptables -A PREROUTING -i eth0 -t nat -p tcp --dport 80 -j DNAT --to 172.16.12.160:80"
> > "iptables -A FORWARD -p tcp -d 172.16.12.160 --dport 80 -i eth0 -o eth1 -j ACCEPT"
> >
> > But if I do it this way it will work:
> >
> > "iptables -t nat -A PREROUTING -p tcp --dport 80 -d 24.190.x.x -i eth0 -j DNAT --to-destination 172.16.12.160 172.16.12.160"
> > "iptables -A POSTROUTING -p tcp --dport 80 -d 172.16.12.160 -j SNAT -o eth1 --to-source 172.16.12.165"
> >
> > Could anyone please explain why the first way did not work, all
> > the directions I read claim that is how to port forward.
>
> because the default gateway of 172.16.12.160 is not 172.16.12.165?
>
> -j
>
> --
> "Oh, so they have internet on computers now!"
> --The Simpsons
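The explanation suggested in the reply can be traced with a small model of the return path. This is an added example, not part of either message; the client address 203.0.113.7 and the second router 172.16.12.1 are assumed values, and the code only models routing decisions, it does not touch iptables.

```python
# Constructed model of the thread's topology; not real packet handling.
FW_PUBLIC = "24.190.x.x"   # firewall eth0 (address elided on the page)
FW_LAN = "172.16.12.165"   # firewall eth1
WEB = "172.16.12.160"      # web server behind the firewall
CLIENT = "203.0.113.7"     # assumed Internet client (documentation range)
OTHER_GW = "172.16.12.1"   # assumed: a different router on the same LAN


def on_lan(ip):
    """True if the web server can reach ip directly, without a gateway."""
    return ip.startswith("172.16.12.")


def trace(snat, server_gateway):
    """Follow one request to port 80 and its reply through the firewall."""
    # Request arrives on eth0 as CLIENT -> FW_PUBLIC:80.
    src, dst = CLIENT, FW_PUBLIC
    dst = WEB                      # PREROUTING: DNAT to the web server
    if snat:
        src = FW_LAN               # POSTROUTING: SNAT --to-source 172.16.12.165
    server_sees = src

    # The server answers to the source it saw. An on-link source is reached
    # directly; anything else is handed to the server's default gateway.
    next_hop = server_sees if on_lan(server_sees) else server_gateway

    # Only the firewall holds the conntrack entry that rewrites the reply
    # back to FW_PUBLIC -> CLIENT. A reply that leaves by another router is
    # never translated, so the client cannot match it to its connection.
    via_firewall = next_hop == FW_LAN
    return {
        "server_sees": server_sees,
        "server_dst": dst,
        "reply_next_hop": next_hop,
        "client_sees_src": FW_PUBLIC if via_firewall else None,
        "works": via_firewall,
    }


if __name__ == "__main__":
    for snat, gw in [(False, OTHER_GW), (True, OTHER_GW), (False, FW_LAN)]:
        print(f"snat={snat!s:5} server gw={gw:14} -> {trace(snat, gw)}")
```

With SNAT in place the web server sees every request as coming from 172.16.12.165, so its access logs no longer record the real client address; pointing the server's default gateway at the firewall keeps that information.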