Roland Häder wrote:
192.168.1.1 is my router, 192.168.1.1x are my clients, both have a
"default gateway" set to 192.168.1.1 and /etc/resolve.conf has a
nameserver entry pointing only to 192.168.1.1
Not right that "both" have the default gw to 192.168.1.1 Only the
clients on 192.168.1.0/24 have to. The router (the server where you are
writing the iptables rules) need another gw!
I want to pass through from my LAN (eth1) to Internet (eth0/ppp0)
regular things like Mail, Newsgroups and such things. So I need to
masq my private network 192.168.1.0 on eth1 to the Internet. And this
is no longer working.
Seen the rules, this must work.
Try
IP -F -t nat
IP -F FORWARD
IP -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
IP -A FORWARD -i eth1 -m state --state NEW -j LOG --log-prefix "NEW FW"
IP -A FORWARD -i eth1 -j ACCEPT
IP -A POSTROUTING -o eth0 -m state --state NEW -j LOG --log-prefix "NEW POR"
IP -A POSTROUTING -o eth0 -j MASQUERADE
I want to route traffic from Internet on TCP/UDP port 31017 which is
being used by Descent2-Rebirth to my client 192.168.1.17. I used
PREROUTE and FORWARD for this.
For this into the above iptables.list there are no rules!
IP -A PREROUTING -i eth0 -p tcp --dport 30017 -j DNAT --to-destination
192.168.1.17
and add the forward one
Like I wrote above it *has* worked, until I have upgraded the farly
outdated kernel which should be done on regular basis. I guess you
know why. :)
I don't know about this....
Michele
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
