No with this the conecction DEAD! i supouse when have NAT lose de gateway is this possible? because when apply the rules the connection to internet from 192.168.1.33 lost. its very rare no? If anyone have another idea please send me!!!! :( > > I send this question again if is possible to anyone help me. or if is > > possble. > > > > > Hi, Me AGAIN and my iptables problem.! :( > > > > > > again description my net and my problem. > > > > > > Have a 200.40.226.64 /28 net *public NET > > > have a 192.168.1.0 /24 net *private NET > > > > > > have a 200.40.226.66 server running iptables * Is the gateway > > > > > > have a VoIp box THIS is the PROBLEM. > > > i need to put behind the firewall and have the address 192.168.1.33 but > > > i need to outside with 200.40.226.69 and received external requirements > > > with this ip but iptables not function for me. i Put this lines but dont > > > work i need Route? or something else??? > > > > > > iptables -t nat -A POSTROUTING -s 192.168.1.33/255.255.255.255 -o eth0 > > > -j SNAT --to 200.40.226.70 > > > > > > iptables -t nat -A PREROUTING -s 200.40.226.70/255.255.255.255 -i eth0 > > > -j DNAT --to 192.168.1.33 > > > > > I've only set up NAT once, so I'm not sure if I can help you, but here goes: > > Have you set up forwarding? On my setup I had to make sure that traffic from > the computer behind the firewall was forwarded. I would try something like > this on your setup: > > # Forwarding ALL traffic from your internal lan on the ethernet device > # $LAN_IFACE: Or you could do something similar to the line accepting traffic > # from 200.40.226.70. > $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT > > $IPTABLES -A FORWARD -s 200.40.226.70 -d 192.168.1.33 -j ACCEPT > > # Accepting forwarded traffic started by > $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT > > # Then > > iptables -t nat -A POSTROUTING -s 192.168.1.33 -o eth0 -j SNAT --to-source \ > 200.40.226.70 > iptables -t nat -A PREROUTING -i eth0 -d 200.40.226.70 -j DNAT \ > --to-destination 192.168.1.33 > > # You could probably be a bit more restrictive than the above lines. > > -- > Øystein Olsen, oystein.olsen@astro.uio.no, http://folk.uio.no/oeysteio > Institute of Theoretical Astrophysics, http://www.astro.uio.no > University of Oslo, Norway > > > > -- > Psyche-list mailing list > Psyche-list@redhat.com > https://listman.redhat.com/mailman/listinfo/psyche-list ---end quoted text--- -- Pablo Allietti LACNIC Registro de Direcciones de Internet para America Latina y el Caribe Registro de Enderecamento de Internet para America Latina e Caribe Latin American and Caribbean Internet Addresses Registry Potosi 1517 Montevideo - Uruguay Tel. +598 2 6015846 // 6062822 Fax: 6015599 -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
