On Thu, 2012-02-02 at 12:52 -0500, Dimitri Yioulos wrote: > I changed the ip addy of the test server to 192.168.1.11, back on the > DMZ subnet. I now have partial success, as I can ping the gateway > (75.x.x.30). So can I :) > I think I have the correct SNAT and DNAT rules to reach this > on port 80, but I can't reach it via 75.x.x.27, which is its external > address. Nor can I ping it. You need to add the .27 address to the interface that is connected to the 75.144.186.30 Cisco router (eth3?). You should then be able to ping 75.144.186.27 from the internet. Once that is working, it should just be a matter of adding the DNAT rule for 192.168.1.11 to forward from eth3. > I don't know if it's helpful, but I've attached what I hope is a new, better > network map. That's pretty good, but missing a few helpful things such as the interface names, which I think you had on previous diagrams. Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
