I have an interesting iptables question that has nothing to do with firewalls.

We have a masqueraded network that uses the 192.168.x.0 network with netmask 255.255.255.0. The network's gateway machine has its own two gateways, one to the Internet (the default route) and one to another network on the inside. The latter gateway is numbered 192.168.x.252 and its destination network is a.b.c.0 with the netmask 255.255.255.0.

From the masqueraded network's gateway, I can access all machines on the a.b.c.0 network. What I would like to do is forward one port on the masqueraded network's gateway to a port on a machine on the a.b.c.0 network so it can be accessible from the Internet. I have tried the following with no success:

    iptables -A PREROUTING -t nat -p tcp -d <Internet accessible IP address> --dport x -j DNAT --to a.b.c.104:y

Ordinary masquerading to the Internet is functional. Also functional:

    iptables -A PREROUTING -t nat -p tcp -d <Internet externally accessible IP address> --dport x -j DNAT --to 192.168.x.53:y

I don't see why the former iptables command doesn't work while the latter does. Any suggestions?

John

--
John GOTTS <jgotts@xxxxxxxxxxxxxx> http://linuxsavvy.com/staff/jgotts