# catch all redirects to registration server
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination ${REGISTRATION_SERVER}
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to-source ${EXTERNAL_ADDRESS}
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination ${REGISTRATION_SERVER}
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to-source ${EXTERNAL_ADDRESS}
Did you mean to post the same rules twice? Or am I really just missing something?
What I want to do is: if I type ${REGISTRATION_SERVER} in my address bar on the client system, then I don't want the firewall to do any DNAT or SNAT. What is the best way to accomplish this?
Try changing your DNAT rule to be like the following:
iptables -t nat -A PREROUTING -i eth1 -p tcp ! -d ${REGISTRATION_SERVER} --dport 80 -j DNAT --to-destination ${REGISTRATION_SERVER}
This will DNAT any traffic that is not going to your ${REGISTRATION_SERVER} directly.
Grant. . . .