Re: DNATed packet not hitting FORWARD chain

James wrote:

Hi,

I'm having some trouble getting DNAT to work properly.  I have a gateway
machine that has two different connections to the Internet, on eth1 and
eth2.  I'm trying to allow inbound port 1723 to be forwarded to an internal
PPTP server through both interfaces.  It works on eth2, but not eth1.
Here's what I've got:



Hi
I would try to check if packets arrive on .165 with tcpdump on this host, just to see if DNATing and FORWARDing is done correctly, and it should be, based on the rules you showed us.


Then I would ask how you deal with routing packets on your gw. I mean, if you receive the connection on eth2 and you DNAT and forward to .167, the returning packets from .167 should be routed to eth2 and exit the gw from that interface. The same for eth1 and .165.

What about your routing settings on the gw? Maybe you use eth2 as the default route interface, and the packets that come back from .165 also exit and are routed by eth2. This way you'll never get the SNAT rule associated with the previous DNAT rule matched and applied.

BTW this is just an idea ;)

bye
primero
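
The asymmetric return path raised in this reply, as an added example that is not part of the original thread: connection-mark policy routing that sends replies out of the uplink the connection arrived on. eth1 and eth2 come from the thread; the LAN interface eth0, the upstream gateway addresses (documentation ranges), the mark values and the table numbers are assumptions.

```shell
#!/bin/sh
# Added example: keep replies to DNATed connections on the uplink they
# arrived on. Only eth1/eth2 are from the thread; everything else below
# (eth0, gateway addresses, marks, table numbers) is a constructed placeholder.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# uplink_rules IFACE MARK TABLE GATEWAY
uplink_rules() {
    iface=$1 mark=$2 table=$3 gw=$4
    # Remember, in conntrack, which uplink each new inbound connection used.
    run iptables -t mangle -A PREROUTING -i "$iface" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    # Per-uplink routing table whose default route leaves via that uplink.
    run ip route add default via "$gw" dev "$iface" table "$table"
    # Packets carrying this mark are routed with the per-uplink table.
    run ip rule add fwmark "$mark" table "$table"
}

# restore_rule LAN_IFACE
restore_rule() {
    # Replies from the internal server enter on the LAN side; copy the
    # connection mark onto the packet before the routing decision is made.
    run iptables -t mangle -A PREROUTING -i "$1" -j CONNMARK --restore-mark
}

gateway_rules() {
    uplink_rules eth1 1 101 192.0.2.1      # assumed gateway behind eth1
    uplink_rules eth2 2 102 198.51.100.1   # assumed gateway behind eth2
    restore_rule eth0                      # assumed LAN interface
}

gateway_rules
```

With these rules in place, a reply from the internal server no longer follows the main table's default route, so it leaves through the interface whose NAT state it belongs to.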

