nat PREROUTING is ok. filter FORWARD is ok.

Well, the rules sound good to me. You said that all was working fine before a reboot. Did you install some hardware in this machine? Were all interfaces (eth0, eth1) correctly configured after the reboot?

And try to follow the traffic using tcpdump on interfaces eth0 and eth1.

On 4/24/06, Davis Sylvester <dsylvesteriii@xxxxxxxxx> wrote:
>
> For some reason my firewall was working fine until a
> reboot and now none of the DNAT is working. The most
> important thing is that the e-mail server is not
> receiving mail, it sends just fine. Also no one can
> access squirrel mail, again works fine internally.
>
> *nat
> :PREROUTING ACCEPT [6384:872118]
> :POSTROUTING ACCEPT [156:10133]
> :OUTPUT ACCEPT [1681:126170]
> -A PREROUTING -d 1.1.1.25 -i eth1 -p tcp -m tcp
> --sport 1024:65535 --dport 25 -j DNAT --to-destination
> 192.168.150.20
> -A PREROUTING -d 1.1.1.25 -i eth1 -p tcp -m tcp
> --sport 1024:65535 --dport 110 -j DNAT
> --to-destination 192.168.150.20
> -A PREROUTING -d 1.1.1.25 -i eth1 -p tcp -m tcp
> --sport 1024:65535 --dport 143 -j DNAT
> --to-destination 192.168.150.20
> -A PREROUTING -d 1.1.1.200 -i eth1 -p tcp -m tcp
> --sport 1024:65535 --dport 80 -j DNAT --to-destination
> 192.168.150.200
> :FORWARD ACCEPT [2955:564452]
> -A FORWARD -d 192.168.150.20 -i eth1 -o eth0 -p tcp -m
> tcp --sport 1024:65535 --dport 25 -m state --state NEW
> -j ACCEPT
> -A FORWARD -d 192.168.150.20 -i eth1 -o eth0 -p tcp -m
> tcp --sport 1024:65535 --dport 110 -m state --state
> NEW -j ACCEPT
> -A FORWARD -d 192.168.150.20 -i eth1 -o eth0 -p tcp -m
> tcp --sport 1024:65535 --dport 143 -m state --state
> NEW -j ACCEPT
> -A FORWARD -i eth0 -o eth1 -m state --state
> RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i eth1 -o eth0 -m state --state
> RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -d 192.168.150.200 -i eth1 -o eth0 -p tcp
> -m tcp --sport 1024:65535 --dport 80 -m state --state
> NEW -j ACCEPT
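
A static cross-check of the kind the reply performs by eye, as an added example that is not part of the original thread: it parses the quoted rules (mail-wrapped lines rejoined) and reports any DNAT rule that has no FORWARD rule admitting NEW connections to its translated address and port. The function names are made up for this example, and it goes slightly beyond the post by also handling an `ip:port` form of `--to-destination`.

```python
import shlex

# Rules from the quoted message, mail-wrapped lines rejoined (sample input).
RULES = """\
-A PREROUTING -d 1.1.1.25 -i eth1 -p tcp -m tcp --sport 1024:65535 --dport 25 -j DNAT --to-destination 192.168.150.20
-A PREROUTING -d 1.1.1.25 -i eth1 -p tcp -m tcp --sport 1024:65535 --dport 110 -j DNAT --to-destination 192.168.150.20
-A PREROUTING -d 1.1.1.25 -i eth1 -p tcp -m tcp --sport 1024:65535 --dport 143 -j DNAT --to-destination 192.168.150.20
-A PREROUTING -d 1.1.1.200 -i eth1 -p tcp -m tcp --sport 1024:65535 --dport 80 -j DNAT --to-destination 192.168.150.200
-A FORWARD -d 192.168.150.20 -i eth1 -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.150.20 -i eth1 -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 110 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.150.20 -i eth1 -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 143 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.150.200 -i eth1 -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
"""

def parse_rule(line):
    """Parse one iptables-save '-A' line into a dict of option -> value."""
    tokens = shlex.split(line)
    rule, i = {"chain": tokens[1]}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule

def unforwarded_dnat(text):
    """Return (public_ip, public_port, inside_ip, inside_port) for each DNAT
    rule with no FORWARD ACCEPT rule admitting NEW connections to its target."""
    rules = [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]
    accepts = [r for r in rules if r["chain"] == "FORWARD"
               and r.get("-j") == "ACCEPT" and "NEW" in str(r.get("--state", ""))]
    missing = []
    for r in rules:
        if r["chain"] != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        # --to-destination may be "ip" or "ip:port"; FORWARD sees the rewritten values.
        ip, _, port = r["--to-destination"].partition(":")
        port = port or r.get("--dport")
        if not any(f.get("-d") == ip and f.get("--dport") == port
                   and f.get("-i") == r.get("-i") and f.get("-p") == r.get("-p")
                   for f in accepts):
            missing.append((r["-d"], r["--dport"], ip, port))
    return missing

if __name__ == "__main__":
    print(unforwarded_dnat(RULES) or "every DNAT rule has a matching FORWARD rule")
```

In the posted ruleset the FORWARD policy is ACCEPT, so a missing FORWARD rule would not by itself drop the traffic; the check matters once the policy is DROP. A clean result only shows the rules are consistent, which is why the reply moves on to interface configuration and tcpdump.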