You are doing it exactly as it should be done. DNAT rules go to PREROUTING CHAIN (as you first want to set the new destination and the do routing) SNAT rules go to POSTROUTING (usually, as it wouldn't really matter where they go, unless you do source routing). Ofcourse you will need to ACCEPT the connections in your filter table too. -Sietse ________________________________ From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Stephan Higuti Sent: Thu 01-Jun-06 13:53 To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Help! Hello guys.... I have a question about PREROUTING and POSTROUTING. I'm making a new firewall script..... In this script, i put some PREROUTING rules , ex: ####################### Apache ########################## iptables -t nat -A PREROUTING -d 200.xxx.yyy.zzz -p tcp --dport 80 -j DNAT --to-destination 192.168.23.7:80 But i need to put some POSTROUTING rules to this? My situation: My firewall will reply for 4 differents Ip's (reals) , one for apache , other for e-mail server, etc............ This PREROUTING rule get a pack that come from internet to a IP "x" , and i want that all that incoming to this ip , to be forward to my internal ip. So , i think that PREROUTING rules its right... but i dont if i need to create a POSTROUTING for this..... Waiting Help.... p.s.:* Sorry for my bad, bad english =D Cheers -- --------------------------------------------------------------------- Stephan Higuti MSN: higutisam@xxxxxxxxxxx Email: higuti@xxxxxxxxxx ---------------------------------------------------------------------
