Maybe it has been a problem inside of the firewall, but I need to be sure that my rules are right.

thanks

On 30 September 2011 12:58, Pandu Poluan <pandu@xxxxxxxxxxx> wrote:
>
> On Sep 30, 2011 8:52 PM, "Usuário do Sistema" <maiconlp@xxxxxxxxx> wrote:
>>
>> Hello everyone,
>>
>>
>> I need my inside network to access some IPs which are on
>> my firewall's WAN interfaces. For example, on the firewall there is the
>> IP 200.247.222.1 on the WAN interface. That one has a destination NAT to
>> an inside network machine for the FTP protocol. So from the Internet to
>> ftp://200.247.222.1 it's working! But from my inside network to
>> ftp://200.247.222.1 it isn't working.
>>
>> I've added some rules as follows:
>>
>>
>> iptables -t nat -I PREROUTING -s 128.2.0.0/24 -d 200.247.222.1 -p tcp --dport 21 -j DNAT --to-destination 128.2.8.214
>>
>> iptables -t nat -I POSTROUTING -s 128.2.0.0/24 -d 200.247.222.1 -o bond0 -j SNAT --to-source 128.2.7.16
>>
>
> I'm betting that this is the problem. After the packet has undergone DNAT in
> PREROUTING, the destination is no longer 200.247.222.1 but 128.2.8.214, so
> the SNAT rule isn't triggered.
>
>> iptables -I FORWARD -s 128.2.0.0/24 -d 200.247.222.1 -j ACCEPT
>>
>
> Also add a rule to ACCEPT packets from 128.2.0.0 destined to 128.2.0.0.
>
> Rgds,
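
The rule ordering described in the reply above, as an added example that is not part of the original thread: a small Python model of the nat/PREROUTING, filter/FORWARD and nat/POSTROUTING hooks, run over the posted rules and over a variant that matches the post-DNAT destination 128.2.8.214. The client address 128.2.0.50 and the `*_FIXED` rule tuples are assumptions constructed for illustration, and the model ignores the `-p tcp --dport 21` and `-o bond0` matches.

```python
from ipaddress import ip_address, ip_network

# Rules as posted in the thread: (source match, destination match, NAT target).
DNAT = ("128.2.0.0/24", "200.247.222.1", "128.2.8.214")
SNAT_POSTED = ("128.2.0.0/24", "200.247.222.1", "128.2.7.16")
FORWARD_POSTED = ("128.2.0.0/24", "200.247.222.1", None)
# Assumed variants (not from the thread): match the address the packet
# carries after DNAT has already rewritten its destination.
SNAT_FIXED = ("128.2.0.0/24", "128.2.8.214", "128.2.7.16")
FORWARD_FIXED = ("128.2.0.0/24", "128.2.8.214", None)


def matches(pkt, rule):
    """True if the packet's current src/dst fall inside the rule's -s/-d."""
    src_net, dst_net, _ = rule
    return (ip_address(pkt["src"]) in ip_network(src_net)
            and ip_address(pkt["dst"]) in ip_network(dst_net))


def traverse(pkt, dnat, forward, snat):
    """Walk one new connection through the hooks in kernel order and
    return the packet as it leaves, plus the names of the rules that hit."""
    pkt, hits = dict(pkt), []
    if matches(pkt, dnat):            # nat/PREROUTING runs first
        pkt["dst"] = dnat[2]
        hits.append("DNAT")
    if matches(pkt, forward):         # filter/FORWARD sees the new dst
        hits.append("FORWARD")
    if matches(pkt, snat):            # nat/POSTROUTING also sees the new dst
        pkt["src"] = snat[2]
        hits.append("SNAT")
    return pkt, hits


# Constructed sample: an inside client opening FTP control to the WAN IP.
CLIENT = {"src": "128.2.0.50", "dst": "200.247.222.1"}

if __name__ == "__main__":
    for label, fwd, snat in (("posted", FORWARD_POSTED, SNAT_POSTED),
                             ("fixed", FORWARD_FIXED, SNAT_FIXED)):
        out, hits = traverse(CLIENT, DNAT, fwd, snat)
        print(f"{label:7} {out['src']} -> {out['dst']}  rules hit: {hits}")
```

With the posted rules the packet leaves with the client's own source address, so if client and server share a segment the server's replies do not pass back through the firewall's NAT state.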