Re: nat and prerouting

[yoann <debian-yoann@ifrance.com>]

Peter Palfrader a écrit:

> On Sun, 03 Nov 2002, yoann wrote:
>
> > iptables -A PREROUTING -i eth0 -t nat -p tcp -d IpAddServer --dport 81 \
> > -j DNAT --to-destination 192.168.0.2:80
>
>
> you have forwarding enabled?
> eth0 is your external interface?
> all other tables and chains are empty and their policy ACCEPT?

sorry i made a mistake when i have done the copy/past, in the right 
rule, it's without the "-o eth0"
in fact it try to contact the web server but there a time-out and it 
said it can't contact the web server
with and without the firewall it's the same

I try this (no firewall):
# iptables -A FORWARD -j ACCEPT
# iptables -A OUPUT -j ACCEPT
# iptables -A INPUT -j ACCEPT
# iptables -A PREROUTING -t nat -p tcp -d IpAddServer --dport 81 -j DNAT 
--to-destination 192.168.0.2:80
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere  

> yours,
> peter



__________________________________________________________________
Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo !
Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w