Hello,

I have set up double NAT. Requests from the outside world get translated to a local IP address.

    iptables -t nat -A PREROUTING -d 62.63.177.216 -j DNAT --to-destination 192.168.100.2
    iptables -t nat -A POSTROUTING -d 192.168.100.2 -s 192.168.100.0/24 -j SNAT --to 192.168.100.1

But I want to filter packets. For example, I want to allow people from outside to access only port 80. I wrote this:

    iptables -A FORWARD -p TCP -d 192.168.100.2 --dport 80 -j ACCEPT
    iptables -A FORWARD -p TCP -d 192.168.100.2 -j DROP

I can connect from outside to port 80 and it is okay. HOWEVER, I can't connect from machine 192.168.100.2 to the outside Internet. If I remove these lines and replace them with

    iptables -A INPUT -p TCP -d 62.63.177.216 --dport 80 -j DROP

the packets pass through, ignoring this rule.

Any hint how to enable packet filtering with double NAT?

WBR,
Pavels
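
A stateful version of the FORWARD filter from the post, as an added example that is not part of the original message: with the two posted FORWARD rules, replies to connections opened by 192.168.100.2 are themselves TCP packets addressed to 192.168.100.2 on a port other than 80, so the DROP rule discards them, and the INPUT rule never matches because DNAT-ed traffic is forwarded rather than delivered locally. The function name `build_ruleset`, the variable names, and the use of the `conntrack` match are assumptions of this example; the addresses are the ones in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses are the ones in the
# post; build_ruleset and the variable names are hypothetical.
# Prints an iptables-restore ruleset; nothing is applied by this script.
# Note: piping the output into iptables-restore replaces the nat and filter tables.
PUBLIC_IP=62.63.177.216
SERVER_IP=192.168.100.2
LAN_NET=192.168.100.0/24
GATEWAY_IP=192.168.100.1

build_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d $PUBLIC_IP -j DNAT --to-destination $SERVER_IP
-A POSTROUTING -s $LAN_NET -d $SERVER_IP -j SNAT --to-source $GATEWAY_IP
COMMIT
*filter
:FORWARD ACCEPT [0:0]
# Replies to connections opened by $SERVER_IP are TCP packets addressed to it
# on an ephemeral port, so they must be accepted by state before the DROP.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNAT runs in PREROUTING: forwarded packets already carry $SERVER_IP as
# destination and traverse FORWARD, not INPUT.
-A FORWARD -p tcp -d $SERVER_IP --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p tcp -d $SERVER_IP -j DROP
COMMIT
EOF
}

# Print only when asked, e.g.: sh nat-filter.sh print
if [ "${1:-}" = "print" ]; then
    build_ruleset
fi
```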