Jim:

That did it! I guess the Linksys box was only going to respond
to local IP addresses.

I was able to use your example to set up the routing for the gre
protocol as well.

Thank you for your help.

Neil

--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jim Laurino
Sent: Sunday, April 29, 2007 9:40 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Port forwarding not working

On 04/29/2007 09:06:44 AM, Neil Aggarwal - neil@xxxxxxxxxxxxxxxxxx wrote:
> Jim:
>
> > Maybe you could use SNAT to make the packets appear
> > to come from the firewall, then they ought to come back.
>
> How do I set up the SNAT rule?
>

This will make the packet look like it came from the firewall:

/sbin/iptables -t nat -I POSTROUTING -o eth1 -d $LINKSYS_VPN_IP \
    -p tcp --dport 1723 -j SNAT --to-source 192.168.1.1

(where 192.168.1.1 is the ip address of the firewall on eth1 side)

If postrouting still has a default drop policy etc.
then this rule must be found before the accept rule,
that is why it has -I, to put it first.

HTH

--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.
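
Added example, not part of the original thread: a dry-run generator for the rule set discussed above, covering both TCP 1723 and GRE. The WAN interface eth0, the VPN box address 192.168.1.50 and the DNAT rules are assumptions; only the SNAT rule form, eth1 and 192.168.1.1 come from the messages.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are
# constructed sample values; the DNAT rule is an assumed form of the forward.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pptp_nat_rules WAN_IF LAN_IF FW_LAN_IP VPN_IP
# Prints the iptables commands instead of running them, so no root is needed.
pptp_nat_rules() {
    wan_if=$1; lan_if=$2; fw_ip=$3; vpn_ip=$4
    if ! is_ipv4 "$fw_ip" || ! is_ipv4 "$vpn_ip"; then
        echo "pptp_nat_rules: invalid IPv4 address" >&2
        return 1
    fi
    # PPTP needs the TCP control channel (1723) and the GRE data channel.
    for proto in "tcp --dport 1723" "gre"; do
        # Inbound from the WAN: rewrite the destination to the VPN box.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto -j DNAT --to-destination $vpn_ip"
        # Towards the VPN box: rewrite the source to the firewall's LAN
        # address so the box sees a local peer and replies via the firewall.
        # -I puts the rule first in the chain, as in the thread.
        echo "iptables -t nat -I POSTROUTING -o $lan_if -d $vpn_ip -p $proto -j SNAT --to-source $fw_ip"
    done
}

# Constructed sample call: prints four commands for review.
pptp_nat_rules eth0 eth1 192.168.1.1 192.168.1.50
```

With the SNAT rules in place the VPN box sees every session as coming from the firewall's address, so the original client address is only available in the firewall's own logs or connection tracking.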