Hello!

I have apache2 behind a firewall / gateway / router.
I want to set up the firewall so that one can reach it from the internet.

I read the documentation:
Linux 2.4 Packet Filtering HOWTO from Rusty Russell
Linux 2.4 NAT HOWTO from Rusty Russell
man iptables
Setting up a simple Debian gateway
<http://www.debian-administration.org/articles/23>
etc.

I set up my firewall-gateway so that I can browse the internet from the box
behind the firewall and use ekiga and gaim, but one can't reach my apache2
server on that box behind the firewall from the internet.

I have a public IP and a registered domain name: csanyi-pal.info.

The iptables rules in the iptables-save file on the firewall are:
-------------------------------------------------------->
# Generated by iptables-save v1.3.6 on Mon Jul 16 15:18:29 2007
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Jul 16 15:18:29 2007
# Generated by iptables-save v1.3.6 on Mon Jul 16 15:18:29 2007
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Jul 16 15:18:29 2007
# Generated by iptables-save v1.3.6 on Mon Jul 16 15:18:29 2007
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ! ppp0 -m state --state NEW -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 5060 -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Jul 16 15:18:29 2007
--------------------------------------------------------<

My ISP has a weird setup; to connect to the ISP, I must use pptp-linux
and iproute:

interfaces:
----------->
auto eth0 sks-tunnel
iface eth0 inet dhcp

iface sks-tunnel inet ppp
    provider sks-tunnel
    up /etc/network/ip-up
    down /etc/network/ip-down

# connection to LAN
auto eth1
iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
-----------<

ip-up file:
----------->
#!/bin/sh
echo "Wait 10 seconds to ppp0 bringing up.."
sleep 10
ip route add 192.168.16.1 via 192.168.70.1 dev eth0
ip route replace default dev ppp0
echo "Set up the firewall."
iptables-restore < /etc/network/IPTABLES_rules
# set up forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
-----------<

My question is: how do I set up DNAT with iptables in my case, so that
one can reach my apache2 server behind the firewall from the internet?

Any advice will be appreciated!

-- 
Regards, Paul Csányi
http://www.freewebs.com/csanyi-pal/index.htm
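
An added example, not part of the original post: a small Python check over the nat and filter FORWARD rules quoted above. It reports that nothing in nat/PREROUTING redirects tcp/80 arriving on ppp0, while the FORWARD policy already lets new ppp0-to-eth1 connections through. The function names and the LAN address 192.168.1.2 are assumptions, since the post does not give the web server's address.

```python
import shlex
# nat and filter FORWARD rules copied from the post above (other chains omitted).
POSTED = """\
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
# Assumption: 192.168.1.2 stands in for the web server's LAN address (not given in the post).
DNAT_RULE = "-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80\n"
FIXED = POSTED.replace("-A POSTROUTING", DNAT_RULE + "-A POSTROUTING", 1)

def parse(dump):
    """Return (policies, rules) from iptables-save text; '!' negation is not handled."""
    policy, rules, table = {}, [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policy[table, line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {a: b for a, b in zip(tok[2:], tok[3:]) if a.startswith("-")}
            rules.append((table, tok[1], opts))
    return policy, rules

def matches(opts, pkt):
    """True if every match option in the rule agrees with the packet."""
    pairs = (("-i", "in"), ("-o", "out"), ("-p", "proto"), ("--dport", "dport"))
    fixed = all(opts.get(o, pkt[k]) == pkt[k] for o, k in pairs)
    return fixed and ("--state" not in opts or pkt["state"] in opts["--state"].split(","))

def audit(dump, wan="ppp0", lan="eth1", port="80"):
    """Report what keeps a NEW tcp connection arriving on `wan` from reaching a LAN host."""
    policy, rules = parse(dump)
    pkt = {"in": wan, "out": lan, "proto": "tcp", "dport": port, "state": "NEW"}
    hits = lambda tbl, ch: [o for t, c, o in rules if (t, c) == (tbl, ch) and matches(o, pkt)]
    problems = []
    if not any(o.get("-j") == "DNAT" for o in hits("nat", "PREROUTING")):
        problems.append(f"nat/PREROUTING: no DNAT rule for tcp/{port} on {wan}")
    # First matching FORWARD rule decides, else the chain policy (LOG-style targets not modelled).
    verdict = next((o["-j"] for o in hits("filter", "FORWARD") if "-j" in o),
                   policy.get(("filter", "FORWARD"), "ACCEPT"))
    if verdict != "ACCEPT":
        problems.append(f"filter/FORWARD: NEW {wan}->{lan} tcp/{port} gets {verdict}")
    return problems
```

`audit(POSTED)` flags only the missing DNAT rule, and `audit(FIXED)` returns an empty list. The INPUT rules for port 80 in the post only cover traffic addressed to the firewall itself, so they play no part in this check.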