Re: Two network cards to access the internet.

Thanks.

It is working well.



----- Original Message ----- 
From: "Sertys" <sertys@xxxxxxxxxxxxxx>
To: "Netfilter list" <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, March 22, 2005 7:24 PM
Subject: Re: Two network cards to access the internet.


On Tue, 22 Mar 2005 18:54:26 -0300, Sebastião Antônio Campos
<sa.campos@xxxxxxxxxxxxxxxx> wrote:

Well, that's easy. When you know the ports you want to map through the
interfaces, just do

iptables -t nat -A POSTROUTING -m multiport -p tcp -s 172.17.1.8 --dports 25,110,1723,1701,47 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o eth2 -j MASQUERADE
or even better
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o eth2 -j SNAT --to-source $ETH2_IP

Those are simple states, you might add --syn or -m state, it's a choice of
yours anyway.


> Hi!
>
> I have the following:
>
> A RedHat 9.0 with 3 network cards: one we use in the local network (eth1)
> and the others (eth0 and eth2) to access the internet.
>
> I'd like to separate the traffic. The eth0 to be used only with the e-mail
> server (pop, smtp, 1723, 1701 and protocol 47) and the eth0 with other
> traffic (http, https, msn....).
>
> I tried
>
> iptables -t nat -A POSTROUTING -o eth2 -s 172.17.1.8 -j MASQUERADE
> (--this ip addrs is pop and smtp server)
> iptables -t nat -A POSTROUTING -o eth0 -s 172.17.0.0/16 -j MASQUERADE
>
> But when I did this I could not access the port 1723, 1701 and protocol
> 47 using the eth2.
>
> I also tried using only
> iptables -t nat -A POSTROUTING -o eth2 -s 172.17.0.0/16 -j MASQUERADE
>
> And I got the same prob.
>
> If I use
> iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -j MASQUERADE
>
> I will get successful access. Only when I use
> iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -j MASQUERADE
> (without -o eth2 or -o eth0).
>
>
> Who could help me?
>
> Thanks
>
>
> Sebastião Antônio Campos
> Infojoi Computadores Ltda
> Joinville -SC - R. Iririú, 3587
> Cml. (47) 437-0796 - Cel. (47) 9927-5349
> tiao@xxxxxxxxxxxxxx
> http://www.lupusnet.com.br



-- 
www.supportivo.org

I can't stop myself checking for pigs in the outlets. Everybody thinks i'm
a punk, cause of the hairstyle(220V).
end
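
An added example, not part of the original messages: a shell script that prints the POSTROUTING rules discussed above, split by protocol, because -m multiport --dports matches only TCP/UDP ports while protocol 47 (GRE) has no ports. Treating 1701 as UDP (L2TP) and the helper names emit_rule, is_list, mail_rules and build_ruleset are assumptions; the addresses and interfaces are the thread's.

```shell
#!/bin/sh
# Added example: prints rules rather than applying them, so it runs without root.
# Addresses and interfaces come from the thread; helper names are hypothetical.
# Note: -o only matches the interface routing has already chosen for the packet;
# these rules translate the source address, they do not select the link.

MAIL_SRC=172.17.1.8     # pop/smtp server from the thread
LAN_NET=172.17.0.0/16

# emit_rule SRC OUT_IF [MATCH...] -> one MASQUERADE rule on stdout
emit_rule() {
    r_src=$1; r_if=$2; shift 2
    r_match=$*
    echo "iptables -t nat -A POSTROUTING -s $r_src -o $r_if${r_match:+ $r_match} -j MASQUERADE"
}

# is_list VALUE -> success if VALUE is digits separated by single commas
is_list() {
    case $1 in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
}

# mail_rules OUT_IF SPEC... where SPEC is tcp:<ports>, udp:<ports> or proto:<number>
mail_rules() {
    m_if=$1; shift
    for spec in "$@"; do
        kind=${spec%%:*}; val=${spec#*:}
        is_list "$val" || { echo "bad value in $spec" >&2; return 1; }
        case $kind:$val in
            tcp:*,*|udp:*,*) emit_rule "$MAIL_SRC" "$m_if" -p "$kind" -m multiport --dports "$val" ;;
            tcp:*|udp:*)     emit_rule "$MAIL_SRC" "$m_if" -p "$kind" --dport "$val" ;;
            proto:*,*)       echo "one protocol per spec: $spec" >&2; return 1 ;;
            proto:*)         emit_rule "$MAIL_SRC" "$m_if" -p "$val" ;;   # no ports to match
            *)               echo "unknown spec: $spec" >&2; return 1 ;;
        esac
    done
}

# Mail server out eth0 (assumption: 1701 is L2TP over UDP), everything else out eth2.
build_ruleset() {
    mail_rules eth0 tcp:25,110,1723 udp:1701 proto:47 || return 1
    emit_rule "$LAN_NET" eth2
}

build_ruleset
```

Order matters when the printed rules are loaded: the mail server's specific rules must precede the catch-all for 172.17.0.0/16, since the first matching nat rule wins.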


