Hi,

I have a T1 router that provides me with two public IPs: 13.47.77.2 and 13.47.77.3. There are two Linux boxes (each with two Ethernet cards) acting as the gateways to a 192.168.1.0 network sitting behind each public IP. My question is: how do I get a browser on 192.168.1.30 sitting behind 13.47.77.2 to reach a web server on 192.168.1.2 sitting behind 13.47.77.3?

Usually I use something like the following rule to forward ports from outside IPs to internal IPs on the 192.168.1.0 networks:

    /sbin/iptables -t nat -A PREROUTING -p tcp --dport $MYPORT -j DNAT --to 192.168.1.2:80

So all my previous NATting experience was for trying to let machines on the outside communicate with my networks behind the 13.47.77.2 and 13.47.77.3 public IPs. The iptables command above works great for that.

Let's say the hostname (eth0-ip, eth1-ip) of the first gateway is floyd1 (13.47.77.2, 192.168.1.1) and the hostname (eth0-ip, eth1-ip) of the second gateway is floyd2 (13.47.77.3, 192.168.1.1), and I'm trying to make a browser on 192.168.1.30 behind floyd1 talk to the web server on 192.168.1.2 behind floyd2 that is listening on port 80. The default gateways are currently set to 13.47.77.1 on both floyd1 and floyd2.

What are the iptables commands that I need to make this thing fly? I feel like I should have a pair of iptables commands on each gateway to do the job, one of them being a -j DNAT and the other being a -j SNAT to handle both directions.

I'm also wondering what the 'best practice' is for this situation, where you have a T1 router with networks sitting behind each public IP that need to talk to each other.

--
-jamil
-------------------------------------------------------------
Jamil Egdemir
unclejamil@xxxxxxxxx
AIM: unclejamil
YahooMessenger: uncle_jamil
http://grad.physics.sunysb.edu/~jamil
(631) 338-3170 (cell)
-------------------------------------------------------------
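One way to lay out the rule pair the question asks about, as an added example that is not part of the original post. Both LANs use 192.168.1.0/24, so the browser cannot address 192.168.1.2 directly and instead connects to http://13.47.77.3:$MYPORT/. Assumptions: eth0 is the public side and eth1 the LAN side on both gateways, MYPORT=8080 is a constructed stand-in, and the web server's default gateway is floyd2.

```shell
#!/bin/sh
# Added example: prints (does not apply) the NAT and forwarding rules for
# each gateway so they can be reviewed first.
# Apply as root with:  sh nat-rules.sh floyd2 | sh
# From the post: public IPs, LAN range, web server 192.168.1.2:80.
# Assumed: eth0 = public, eth1 = LAN; MYPORT default 8080 is constructed.
MYPORT="${MYPORT:-8080}"
LAN=192.168.1.0/24

# floyd1 (browser side): rewrite the source of outbound LAN traffic to
# floyd1's public address so replies return here; conntrack reverses the
# rewrite on the way back, so no separate DNAT rule is needed.
floyd1_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -s $LAN -j SNAT --to-source 13.47.77.2
iptables -A FORWARD -i eth1 -o eth0 -s $LAN -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# floyd2 (server side): same DNAT as in the post, but pinned to the public
# interface and address. FORWARD sees the packet after DNAT, so it matches
# the internal destination 192.168.1.2:80, not the public port.
floyd2_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -d 13.47.77.3 -p tcp --dport $MYPORT -j DNAT --to-destination 192.168.1.2:80
iptables -A FORWARD -i eth0 -o eth1 -d 192.168.1.2 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the rule set for the named gateway; print nothing without an argument.
case "${1:-}" in
  floyd1) floyd1_rules ;;
  floyd2) floyd2_rules ;;
esac
```

With these rules the web server logs the browser's connections as coming from 13.47.77.2, since floyd1 rewrites the source before the packet reaches floyd2.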