Re: Iptable NAT problem
It lookes like your having connection trackin issuse, make shure
ip_conntrack is loaded as a mod or compieled in.
Lookes like this thread should just be moved to "Debian Firewall - LIST"
<debian-firewall@lists.debian.org> and off of the other lists.
--- Pradeeper <pradeeper@unionb.com> wrote:
> Hello Peter and Daniel
>
> On Mon, 2004-08-09 at 20:26, deb list wrote:
> > iptables -t nat -A PREROUTING -i eth0 -d 203.94.71.36 \
> > -j DNAT --to-destination 192.168.1.4
> > >
> > > iptables -t filter -A FORWARD -d 203.94.71.36 ... -j ACCEPT
> > and after the DNAT, the destination is re-written to 192.168.1.4
> > so it would need to be..
> > iptables -t filter -A FORWARD -i eth0 -d 192.168.1.4 -j ACCEPT
> Non of these worked :-o
> Nothing wrong in your rules though. According to my ISP, I have to put a
> route entry in my internet router (IBM 2210) to listen to "203.94.71.36"
> ip.
> To verify this, I put a prerouting rule to nat 192.168.1.4 to my
> firewall's ip. Rule is like this,
>
> iptables -t nat -A PREROUTING -i eth0 -d 203.94.71.42 -j DNAT
> --to-destination 192.168.1.4
>
> And a post routing like,
>
> iptables -t nat -A POSTROUTING -s 192.168.1.4 -o eth0 -j SNAT
> --to-source 203.94.71.45
>
> And it worked :-)
>
> I don't want to play with my internet router (since it will effect to my
> whole network). Is there anyway of doing this?
> Or is this the only way I can do?
>
> Thanks for the help!
>
> Pradeeper
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
Reply to: