by the way, from B i can see the server on C, so it is not a NIC problem. thanks again. charles On Tue, Jul 8, 2008 at 6:02 PM, Charles Romestant <cromestant@xxxxxxxxx> wrote: > thanks for answer > > hmm tried it and still does not work... > > any ideas, at least to get some debug info... still can t see the > server from a browser on A. > > > On Tue, Jul 8, 2008 at 5:40 PM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote: >> On 07/07/08 16:49, Charles Romestant wrote: >>> >>> on C there is a web server, running on port 80, I want to be able to >>> access it through B from A. >>> >>> So basically the ruleset should be on B if its port 80, forward to port 80 >>> on C. >> >> These two rules should do the trick to get the traffic forwarded on through >> B to C. >> >> iptables -t nat -A PREROUTING -i eth0 -d 10.0.1.192 -p tcp --dport 80 -j >> DNAT --to-destination 10.0.10.1 >> iptables -t filter -A FORWARD -i eth0 -o eth1 -d 10.0.10.1 -p tcp --dport 80 >> -j ACCEPT >> >> You will need to make sure that the reply traffic back from C is allowed and >> appears to be from B. >> >> iptables -t filter -A FORWARD -i eth1 -o eth0 -s 10.0.10.1 -p tcp --sport 80 >> -j ACCEPT >> iptables -t nat -A POSTROUTING -o eth0 -s 10.0.10.1 -p tcp --sport 80 -j >> SNAT --to-source 10.0.1.192 >> >>> Any help would be appreciated, thank you in advance, >> >> You are welcome. >> >> >> >> Grant. . . . >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > > > > -- > Charz > -- Charz -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
