
Re: nat help!



David Panofsky wrote:
In one of your posts you mentioned that the web server is not directly connected to the internet. That caused me to think about its routing configuration... Does this server (10.30.143.1) have a route to get back to the NAT box (10.30.142.12)?

It's a little more complicated. The server must have a route to the *client* address *via* the NAT box.

But again, without more detail from Luis, all we can do is speculate endlessly.

Another possible problem that you may be having is due to how you're accessing the NATed service. Are you trying to access it from a third computer on the other side of the NAT box, or from that box itself? I know it can be tricky to get a packet originating from the NAT server itself to be properly processed by the iptables rules.

It's not that tricky, you just need to copy the DNAT rule in the OUTPUT chain. And of course you need a Linux kernel version >= 2.4.19, and for versions < 2.4.29, it must have been compiled with the option CONFIG_IP_NF_NAT_LOCAL enabled.

PS: Could people posting on this list cut unnecessary quotes in their replies, and avoid HTML? Thanks.
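
An added example, not part of the original post: one way to derive the OUTPUT-chain copy of a DNAT rule from `iptables-save` output, plus a check of the kernel version thresholds mentioned above. The sample rule, the interface name `eth0`, port 80 and both function names are assumptions made for illustration; the `-i` match is dropped because iptables does not accept it in the OUTPUT chain.

```shell
#!/bin/sh
# Constructed sample in iptables-save format; the rule itself is an assumption,
# only the two addresses come from the thread.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 10.30.142.12/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.30.143.1:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Read iptables-save lines on stdin and print, for every PREROUTING DNAT rule,
# the equivalent rule for the OUTPUT chain (locally generated packets never
# traverse PREROUTING). The input-interface match is removed.
# Each printed line can be applied with: iptables -t nat <line>
dnat_to_output() {
    sed -n -E '/^-A PREROUTING .*-j DNAT /{
        s/^-A PREROUTING /-A OUTPUT /
        s/ (! )?-i [^ ]+//
        p
    }'
}

# Classify a kernel version ($1, e.g. 2.4.25 or 5.15.0-91-generic) against the
# thresholds from the post: below 2.4.19 no DNAT in OUTPUT, 2.4.19 up to
# 2.4.28 only with CONFIG_IP_NF_NAT_LOCAL, 2.4.29 and later always.
output_dnat_status() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    major=$1
    minor=${2:-0}
    patch=${3%%[!0-9]*}          # strip suffixes such as -91-generic
    n=$(( major * 1000000 + minor * 1000 + ${patch:-0} ))
    if [ "$n" -lt 2004019 ]; then
        echo unsupported
    elif [ "$n" -lt 2004029 ]; then
        echo needs-CONFIG_IP_NF_NAT_LOCAL
    else
        echo supported
    fi
}

printf '%s\n' "$SAMPLE_RULES" | dnat_to_output
output_dnat_status "$(uname -r)"
```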


