Pascal Hambourg wrote:
Guillaume wrote:
I think you have 2 problems in your rules:
- The chains in the NAT table must not be set to drop. NO filtering in
the nat table.
- You forgot to add the rules to authorize traffic coming from eth0:0
to your internal host. After a DNAT rule, you need to explicitly
authorize the corresponding traffic.
And I think I haven't read any rule related to that.
For example, you set this rule:
iptables -t nat -A PREROUTING -d 172.10.10.2 -p tcp --dport 80 -j DNAT --to-dest 192.168.0.2
You must set this rule:
iptables -t filter -A FORWARD -i eth0:0 -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT
And the same for all incoming traffic.
This is correct except for one detail: the interface eth0:0 does not
exist. It is only an alias and is not used by either the routing or
iptables. You must use the real interface name, eth0.
hhhmmm
Ok :-)
I never use alias on interface... :-)
Thx for correcting me
Guillaume
--
Guillaume
E-mail: silencer_<at>_free-4ever_<dot>_net
Blog: http://guillaume.free-4ever.net
----
Site: http://www.free-4ever.net
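
An added example, not part of the original thread: a small Python check over a textual iptables ruleset that flags the three points raised above (a DROP policy on a nat chain, an alias name such as eth0:0 after -i/-o, and a DNAT rule with no usable FORWARD ACCEPT rule). The sample ruleset is constructed from the two rules quoted in the thread; the `-P PREROUTING DROP` line and the function names `parse` and `lint` are assumptions.

```python
import shlex

# Constructed sample: the two rules quoted in the thread plus an assumed
# DROP policy on a nat chain (the original poster's ruleset is not shown).
SAMPLE_RULES = """\
iptables -t nat -P PREROUTING DROP
iptables -t nat -A PREROUTING -d 172.10.10.2 -p tcp --dport 80 -j DNAT --to-dest 192.168.0.2
iptables -t filter -A FORWARD -i eth0:0 -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT
"""

def parse(line):
    """Turn one iptables command line into a dict of option -> value."""
    tok = shlex.split(line)[1:]              # drop the "iptables" word
    rule, i = {"-t": "filter"}, 0            # filter is the default table
    while i < len(tok):
        if tok[i] == "-P" and i + 2 < len(tok):
            rule["-P"], rule["policy"] = tok[i + 1], tok[i + 2]
            i += 3
        elif tok[i].startswith("-") and i + 1 < len(tok):
            rule[tok[i]] = tok[i + 1]
            i += 2
        else:
            i += 1                           # e.g. "!" negation, ignored here
    return rule

def lint(text):
    """Return a list of findings for the issues discussed in the thread."""
    rules = [parse(l) for l in text.splitlines() if l.startswith("iptables")]
    accepts = [r for r in rules if r["-t"] == "filter"
               and r.get("-A") == "FORWARD" and r.get("-j") == "ACCEPT"]
    findings = []
    for r in rules:
        if r["-t"] == "nat" and r.get("policy") == "DROP":
            findings.append(f"nat chain {r['-P']}: policy DROP, filter in the filter table instead")
        for opt in ("-i", "-o"):
            if ":" in r.get(opt, ""):
                findings.append(f"{opt} {r[opt]} is an alias, use {r[opt].split(':')[0]}")
        if r.get("-j") == "DNAT":
            dest = r.get("--to-dest") or r.get("--to-destination", "")
            host, _, port = dest.partition(":")
            port = port or r.get("--dport")  # DNAT may rewrite the port
            if not any(a.get("-d") == host and a.get("-p") == r.get("-p")
                       and a.get("--dport") in (None, port)
                       and ":" not in a.get("-i", "") for a in accepts):
                findings.append(f"DNAT to {host}: no usable FORWARD ACCEPT rule")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
```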