Re: Port forwarding inside local domain

Hi,

On Monday, 20 Aug 2007, 16:34:31 +0200, Ruben Laban wrote:
> On Monday 20 August 2007, Bertram Scharpf wrote:
> >
> >   # iptables -t nat -A PREROUTING -d 192.168.7.33 -p tcp --dport 80 \
> >       -j DNAT --to 192.168.7.49:80
> >
> > Besides that I want to know what is going wrong here,
> 
> You need to 'fix' the reply traffic, by using a rule like:
>   # iptables -t nat -A POSTROUTING -i eth0 -d 192.168.7.49 -p tcp --dport 80 \
>        -j SNAT --to 192.168.7.33

iptables v1.3.5: Can't use -i with POSTROUTING

> With recent kernels this can be done more elegantly by using the conntrack 
> module:
>   # iptables -t nat -A POSTROUTING -d 192.168.7.49 -m conntrack --ctorigdst \
>         192.168.7.49 -j SNAT --to 192.168.7.33

Seems it's "... --ctorigdst 192.168.7.33 -j ...".

Works fine. Thanks!

Bertram


-- 
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
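
Why the reply traffic needs the SNAT rule, as an added example that is not part of the original thread: a small Python model of the address rewriting for one connection. The client addresses are constructed, and the model assumes 192.168.7.33 is also the server's default gateway.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst")

ROUTER = "192.168.7.33"   # address the clients connect to (from the thread)
SERVER = "192.168.7.49"   # real web server (from the thread)
CLIENT = "192.168.7.10"   # constructed LAN client, not from the thread


def same_lan(a, b):
    """True when both addresses share the 192.168.7.0/24-style prefix."""
    return a.rsplit(".", 1)[0] == b.rsplit(".", 1)[0]


def hairpin(client, snat):
    """Follow one request and its reply.

    Returns (source address the server saw, reply as the client receives it,
    whether the client's socket accepts that reply).
    """
    request = Pkt(client, ROUTER)
    # PREROUTING DNAT: destination rewritten, conntrack keeps the original.
    orig_dst = request.dst
    fwd = request._replace(dst=SERVER)
    # POSTROUTING SNAT for connections whose original destination was the
    # router (the --ctorigdst 192.168.7.33 match from the thread).
    if snat and orig_dst == ROUTER:
        fwd = fwd._replace(src=ROUTER)
    seen_by_server = fwd.src
    # The server answers whatever source address it saw.
    reply = Pkt(SERVER, fwd.src)
    if reply.dst == ROUTER or not same_lan(SERVER, reply.dst):
        # Reply passes through the router (assumed default gateway), so
        # conntrack reverses the translations.
        reply = Pkt(orig_dst, client)
    # Otherwise the reply crosses the LAN directly and is never un-NATed.
    # The client only accepts replies from the address it connected to.
    return seen_by_server, reply, reply.src == request.dst


if __name__ == "__main__":
    for label, client, snat in [("LAN client, DNAT only", CLIENT, False),
                                ("LAN client, DNAT + SNAT", CLIENT, True),
                                ("outside client, DNAT only", "203.0.113.5", False)]:
        print(label, hairpin(client, snat))
```

With the SNAT rule in place the web server sees 192.168.7.33 as the source of these connections, so its access logs and any address-based access controls no longer show the real client.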

