Re: How to loop back internal traffic?


 



On Saturday 10 February 2007 at 03:45 -0500, Jorge Canas wrote:
> How do I configure the firewall rules on the gw so that the port forwarding 
> also occurs when my other local network machines try to go to the website 
> via the public domain name?

You have to extend your SNAT rule so those machines get NATed when
trying to reach this webserver using its public IP, otherwise, you'll
get a triangle situation where your webserver sends its SYN/ACK directly
through the LAN with its private IP.

Something like:

	iptables -t nat -A POSTROUTING -s $LAN -d $WebServPrivIP \
		-j SNAT --to-source $GWPrivIP


BTW, it's a FAQ, but I agree it might be difficult to find relevant
answers in the wild.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
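
The triangle described in the reply above, shown as an added example that is not part of the original message: a small Python simulation of the TCP handshake from a LAN client to the public IP, with and without the extra SNAT rule. All addresses are constructed sample values and the function names are hypothetical; only DNAT on the gateway plus the SNAT rule from the reply are modelled.

```python
"""Hairpin NAT walk-through: why the LAN client needs SNAT (constructed addresses)."""
from dataclasses import dataclass, replace

# Constructed sample addressing; none of these values come from the thread.
PUBLIC_IP = "203.0.113.10"    # address the public domain name resolves to
GW_PRIV_IP = "192.168.1.1"    # $GWPrivIP in the reply
WEB_PRIV_IP = "192.168.1.20"  # $WebServPrivIP in the reply
CLIENT_IP = "192.168.1.50"    # a host inside $LAN

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str

def gateway_forward(pkt, hairpin_snat, conntrack):
    """PREROUTING DNAT, then optional POSTROUTING SNAT; record the mapping."""
    out = pkt
    if pkt.dst == PUBLIC_IP:
        out = replace(out, dst=WEB_PRIV_IP)             # existing port forward (DNAT)
    if hairpin_snat and out.dst == WEB_PRIV_IP:
        out = replace(out, src=GW_PRIV_IP)              # the SNAT rule from the reply
    conntrack[(out.dst, out.src)] = (pkt.dst, pkt.src)  # reply tuple -> original tuple
    return out

def gateway_reverse(pkt, conntrack):
    """Undo both translations for a reply that matches a tracked connection."""
    orig_dst, orig_src = conntrack[(pkt.src, pkt.dst)]
    return replace(pkt, src=orig_dst, dst=orig_src)

def handshake(hairpin_snat):
    """Return (client accepts the SYN/ACK, source address the client sees)."""
    conntrack = {}
    syn = Packet(CLIENT_IP, PUBLIC_IP, "SYN")
    at_server = gateway_forward(syn, hairpin_snat, conntrack)
    synack = Packet(WEB_PRIV_IP, at_server.src, "SYN/ACK")
    if synack.dst == GW_PRIV_IP:   # reply is routed back through the gateway
        synack = gateway_reverse(synack, conntrack)
    # Otherwise the server answers the client directly over the LAN (the triangle).
    # The client only has a half-open connection towards PUBLIC_IP.
    return synack.src == syn.dst and synack.dst == CLIENT_IP, synack.src

if __name__ == "__main__":
    for snat in (False, True):
        ok, seen = handshake(snat)
        print(f"SNAT={snat}: SYN/ACK from {seen} -> {'accepted' if ok else 'rejected'}")
```

Without the SNAT rule the SYN/ACK arrives from the private address, which matches no connection the client opened, so the handshake never completes; with it, the reply returns through the gateway and is rewritten back to the public IP.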


