You may need to install, additionally, a web proxy, such as squid, and tell iptables to use it as a transparent proxy for all internal machines, like this:

iptables -t nat -A PREROUTING -s 192.168.10.0/255.255.255.0 -i ethX -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.1:3128

where ethX is the interface on the internal network.

-Scott

--- Payal Rathod <payal-netfilter@xxxxxxxxxxxxxxxxx> wrote:

> Hi,
> I have a rule on my friend's broadband connection to redirect traffic
> from outside to an internal machine like,
>
> iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp -m tcp --dport 80 -j DNAT \
>     --to-destination 192.168.10.10:80
>
> But she complained that people from inside the network cannot do
> http://1.2.3.4 in their browser and see the site. Is she correct?
> What is wrong with my rule because I can see the site from outside?
>
> Thanks in advance.
> With warm regards,
> -Payal
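
An added illustration, not written by either poster: a toy Python model of the DNAT rule in the quoted question, showing why an outside client gets its reply from 1.2.3.4 while a LAN client gets it straight from 192.168.10.10 and rejects it. It assumes LAN clients route 1.2.3.4 through the same gateway and sit on the server's subnet; the client addresses and function names are constructed for the example.

```python
"""Toy model of the DNAT rule: outside clients work, LAN clients do not."""
import ipaddress
from typing import NamedTuple

LAN = ipaddress.ip_network("192.168.10.0/24")   # internal network from the thread
PUBLIC = ("1.2.3.4", 80)                        # address the DNAT rule matches
SERVER = ("192.168.10.10", 80)                  # the rule's --to-destination


class Packet(NamedTuple):
    src: tuple
    dst: tuple


def gateway_prerouting(pkt, conntrack):
    """Apply the DNAT rule and remember the mapping so replies can be reversed."""
    if pkt.dst == PUBLIC:
        conntrack[(pkt.src, SERVER)] = PUBLIC
        return pkt._replace(dst=SERVER)
    return pkt


def server_reply(pkt):
    """The web server answers whatever source address it saw."""
    return Packet(src=pkt.dst, dst=pkt.src)


def reply_path(reply, conntrack):
    """Deliver the reply; only replies that cross the gateway are un-NATed."""
    if ipaddress.ip_address(reply.dst[0]) in LAN:
        return reply  # same subnet: sent directly, the gateway never sees it
    original = conntrack.get((reply.dst, reply.src))
    return reply._replace(src=original) if original else reply


def connect(client):
    """Return (accepted, source address of the reply as the client sees it)."""
    conntrack = {}
    syn = Packet(src=client, dst=PUBLIC)
    at_server = gateway_prerouting(syn, conntrack)
    reply = reply_path(server_reply(at_server), conntrack)
    # A TCP client only accepts a SYN-ACK from the address it dialed.
    return reply.src == syn.dst, reply.src


if __name__ == "__main__":
    print("outside client:", connect(("203.0.113.7", 40000)))   # constructed address
    print("LAN client:    ", connect(("192.168.10.25", 40000)))  # constructed address
```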