Guillaume wrote:
I think you have 2 problems in your rules:
- The chains in the NAT table must not be set to drop. NO filtering in the nat
table.
- You forgot to add the rules to authorize traffic coming from eth0:0 to
your internal host. After a DNAT rule, you need to explicitly authorize
the corresponding traffic.
And I think I didn't read any rule related to that.
For example, you set this rule:
iptables -t nat -A PREROUTING -d 172.10.10.2 -p tcp --dport 80 -j DNAT --to-dest 192.168.0.2
You must set this rule:
iptables -t filter -A FORWARD -i eth0:0 -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT
And the same for all incoming traffic.

This is correct except for one detail: the interface eth0:0 does not
exist. It is only an alias and is not used by either the routing or
iptables. You must use the real interface name, eth0.
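
The three points raised in this thread, turned into a check over an `iptables-save` dump. This is an added example, not part of either message: `lint_ruleset` and `sample_dump` are hypothetical names and the dump is constructed from the addresses quoted above. It is a heuristic that only recognizes a FORWARD ACCEPT rule naming the DNAT target in `-d`.

```shell
#!/bin/sh
# Added example: lint an iptables-save dump for the mistakes discussed in this thread.
# Assumption: negated matches ("! -d", "! -i") are not handled.
lint_ruleset() {
    awk '
    /^\*/ { table = substr($1, 2); next }      # "*nat" / "*filter" table header
    /^:/  {                                     # ":CHAIN POLICY [packets:bytes]"
        if (table == "nat" && $2 == "DROP") print "nat-policy-drop " substr($1, 2)
        next
    }
    $1 == "-A" {
        target = ""; dst = ""; to = ""; alias = 0
        for (i = 3; i < NF; i++) {
            if (($i == "-i" || $i == "-o") && index($(i + 1), ":")) {
                alias = 1                       # eth0:0 is an address label, not a device
                print "alias-interface " $(i + 1)
            }
            if ($i == "-j") target = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
        }
        sub(/\/32$/, "", dst)                   # iptables-save prints hosts as a.b.c.d/32
        sub(/:.*/, "", to)                      # strip an optional :port
        if (table == "nat" && target == "DNAT" && to != "") dnat[to] = 1
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && !alias && dst != "")
            allowed[dst] = 1
    }
    END { for (ip in dnat) if (!(ip in allowed)) print "dnat-without-forward " ip }'
}

# Constructed sample dump: $1 = nat PREROUTING policy, $2 = interface in the FORWARD rule.
sample_dump() {
cat <<EOF
*nat
:PREROUTING $1 [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 172.10.10.2/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.0.2/32 -i $2 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

echo "--- rules as posted:";    sample_dump DROP eth0:0 | lint_ruleset
echo "--- rules as corrected:"; sample_dump ACCEPT eth0 | lint_ruleset
```

On a live host the same function can be fed with `iptables-save | lint_ruleset`.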