Well, I ended up figuring it out. I swear I tried this early on because this is how I wanted it to work in the first place. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 1524 -i eth0 -j DNAT --to 10.117.1.203:1524 That is all I needed. The machine sits behind another firewall so none of the other chains are necessary. Thanks for all the help. Dan On Fri, Feb 5, 2010 at 3:04 PM, Dan Daugherty <rescue@xxxxxxxxxxxxxx> wrote: > Forgot to mention I'm on a Redhat Enterprise Linux 5 box with the > stock kernel. Tried to compile my own and the build fails > immediately. I assumed that since I can route requests locally, the > kernel was compiled properly for iptables. > > On Fri, Feb 5, 2010 at 3:01 PM, Dan Daugherty <rescue@xxxxxxxxxxxxxx> wrote: >>> Are you using /16 netmask? >> No, I just took the 10.117 part off the ip's to shorten the message. >>> >>> >>> None of them got SNATed. Why? Should they go out through eth0? Try to >>> remove "-o eth0". >> Removed it and no change >>> >>> Also do you have ip.forwarding enabled (sysctl -a | grep forward")? >> net.ipv6.conf.eth0.forwarding = 0 >> net.ipv6.conf.default.forwarding = 0 >> net.ipv6.conf.all.forwarding = 0 >> net.ipv6.conf.lo.forwarding = 0 >> net.ipv4.conf.eth0.mc_forwarding = 0 >> net.ipv4.conf.eth0.forwarding = 1 >> net.ipv4.conf.lo.mc_forwarding = 0 >> net.ipv4.conf.lo.forwarding = 1 >> net.ipv4.conf.default.mc_forwarding = 0 >> net.ipv4.conf.default.forwarding = 1 >> net.ipv4.conf.all.mc_forwarding = 0 >> net.ipv4.conf.all.forwarding = 1 >> >>> >>> Can you reach 10.117.1.205:1521 from sethra (telnet 10.117.1.205 1521)? >>> >> Negative, but the command from sethra fails immediately with nothing >> showing in the logs >> >> There has also been mention of a FORWARD chain being necessary. I >> haven't done anything outside of the commands listed in this thread. >> > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html