ronan lopes wrote:
I am having problems using DNAT on a gateway with external interface ppp0 and internal interface eth1. I already set the MTU of eth0 very low (890), but ppp0 only connects with MTU 1492. I would like to reduce this MTU, therefore when I use the rules:

    iptables -A FORWARD -p tcp -m tcp --tcp-flags \
        SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

and

    iptables -t nat -I PREROUTING -p tcp --dport 3389 \
        -j DNAT --to 10.0.0.7

it does not work!
Hi,

I think, if I remember, you don't need to touch the MTU of eth0... only ppp0 needs to be set to 1492 or less if using any type of VPN...
I also think, if I remember, that you don't need the iptables rule with clamp-mss-to-pmtu if you change the MTU manually!
For the DNAT, after the DNAT rule, you need to allow the traffic in the table "filter" with a rule like this:

    iptables -t filter -A FORWARD -m state --state NEW \
        -i <external interface> -o eth1 -p tcp -d 10.0.0.7 --dport 3389 -j ACCEPT

I'm sure about this point... after a DNAT, you MUST allow the traffic in table "filter".
Regards,
Guillaume

--
Guillaume
E-mail: silencer_<at>_free-4ever_<dot>_net
Blog: http://guillaume.free-4ever.net
Site: http://www.free-4ever.net
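
An added example, not part of either post: a shell function that reads iptables-save output and lists DNAT targets that no ACCEPT rule in the FORWARD chain of table "filter" covers, which is the condition the reply describes. The function names, the sample dumps and the use of ppp0 as the external interface in the second sample are constructed for illustration.

```shell
# Added example. Input: iptables-save text on stdin. Simplified: rule order, port
# ranges and broader matches are ignored; a FORWARD policy of ACCEPT counts as covered.
unforwarded_dnat() {
  awk '
    function opt(name,   i) {   # value following option "name" on this line
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      dest = opt("--to-destination"); port = opt("--dport")
      # FORWARD sees the packet after translation, so compare the new port too
      if (split(dest, hp, ":") == 2) { dest = hp[1]; port = hp[2] }
      want[++n] = opt("-p") " " port " " dest
      next
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      dest = opt("-d"); sub(/\/32$/, "", dest)
      have[opt("-p") " " opt("--dport") " " dest] = 1
    }
    END {
      if (policy == "ACCEPT") exit
      for (i = 1; i <= n; i++) if (!(want[i] in have)) print want[i]
    }'
}

# Constructed sample: the DNAT rule from the thread with a dropping FORWARD chain.
sample_nat_only() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.0.7
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
EOF
}

# Same dump plus the FORWARD rule the reply describes (ppp0 assumed as external).
sample_with_forward() {
  sample_nat_only | sed '/TCPMSS/a\
-A FORWARD -d 10.0.0.7/32 -i ppp0 -o eth1 -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT'
}

sample_nat_only | unforwarded_dnat      # prints: tcp 3389 10.0.0.7
sample_with_forward | unforwarded_dnat  # prints nothing
```

On a live gateway the input would come from iptables-save run as root; an empty result means every DNAT target has an exact matching ACCEPT rule or the FORWARD policy is ACCEPT.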