On Fri, 2009-07-31 at 14:42 +0100, Andrew Clayton wrote:

[.. accessing outside IPs on a NAT router from the inside network ...]

> I can't help but think I'm missing something simple. Then again does
> what I'm trying to do make sense?

Just don't DNAT/SNAT packets from the internal network to your public
IPs, there is no need for it anyway.

e.g. do something like this before your other DNATs

    $IPTABLES -t nat -A PREROUTING -i eth1 -s 192.168.0.0/16 -p tcp -d $HOST_E -j RETURN

Plus, of course, you need to allow access to that IP/port from the
internal network in the INPUT chain of the filter table.
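Added example, not part of the original message: a check that the RETURN exemption really sits before every DNAT rule in the nat PREROUTING chain, run over a rule listing in `iptables -t nat -S PREROUTING` format. The function name, the sample listings and the address 203.0.113.10 (standing in for $HOST_E) are assumptions made for the illustration.

```shell
#!/bin/sh
# Usage on a live router (addresses written as the listing prints them,
# i.e. a single host carries /32):
#   iptables -t nat -S PREROUTING | exempt_before_dnat 192.168.0.0/16 203.0.113.10/32
#
# exempt_before_dnat SRC_NET DST_IP
# Reads the listing on stdin. Returns 0 when a "-j RETURN" rule matching
# SRC_NET -> DST_IP appears before the first DNAT rule, 1 otherwise.
exempt_before_dnat() {
    awk -v src="$1" -v dst="$2" '
        # Skip policy lines and rules of other chains.
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            s = ""; d = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-d") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
        }
        # Exemption seen before any DNAT: the order is right.
        j == "RETURN" && s == src && d == dst { found = 1; exit }
        # A DNAT rule came first: internal traffic can still be rewritten.
        j == "DNAT" { exit }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample listings (not captured from a real router).
GOOD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.0.0/16 -d 203.0.113.10/32 -i eth1 -p tcp -j RETURN
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80'

BAD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80
-A PREROUTING -s 192.168.0.0/16 -d 203.0.113.10/32 -i eth1 -p tcp -j RETURN'

# Report the verdict for both sample listings.
for name in GOOD_RULES BAD_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | exempt_before_dnat 192.168.0.0/16 203.0.113.10/32; then
        echo "$name: exemption precedes DNAT"
    else
        echo "$name: exemption missing or placed after a DNAT rule"
    fi
done
```

The check covers only the rule order in the nat table; the INPUT rule in the filter table mentioned in the reply has to be verified separately.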