ok it was set to 0, but changing it did not do anything, here is the iptables-save output root@charz-server:/home/charz# iptables-save # Generated by iptables-save v1.3.6 on Tue Jul 8 15:09:21 2008 *nat :PREROUTING ACCEPT [1273:171111] :POSTROUTING ACCEPT [37:5861] :OUTPUT ACCEPT [41:6213] -A PREROUTING -d 10.0.1.192 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.10.1 -A POSTROUTING -s 10.0.10.1 -o eth0 -p tcp -m tcp --sport 80 -j SNAT --to-source 10.0.1.192 COMMIT # Completed on Tue Jul 8 15:09:21 2008 # Generated by iptables-save v1.3.6 on Tue Jul 8 15:09:21 2008 *filter :INPUT ACCEPT [7428:682763] :FORWARD ACCEPT [1:48] :OUTPUT ACCEPT [2978:507120] :fail2ban-ssh - [0:0] :spa - [0:0] -A FORWARD -d 10.0.10.1 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT -A FORWARD -s 10.0.10.1 -i eth1 -o eth0 -p tcp -m tcp --sport 80 -j ACCEPT COMMIT # Completed on Tue Jul 8 15:09:21 2008 Again , thank you for your help On Wed, Jul 9, 2008 at 3:07 PM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote: > On 07/08/08 14:20, Charles Romestant wrote: >> >> ok, flushed all tables, and all chains, changed back the policy to accept, >> and then reentered the rules you sent me before Grant. And still no dice. > > *nod* > > <snip> > >> still the prerouting seems to be matching but the others stay at 0. > > Agreed. > >> At the moment i m still reading documentation to see if i can spot the >> mistake, thanks again for the help. >> >> Why would the prerouting accept and not continue to postrouting? > > If ip forwarding is not enabled, things may not do what they need to. What > is your /proc/sys/net/ipv4/ip_forward file set to? Try setting it to 1. > > echo "1" > /proc/sys/net/ipv4/ip_forward > > Also, can I get a current iptables-save output? > > > > Grant. . . . > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Charz -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
