Subj : Re: IPTables forwarding rule
To   : alt.linux,alt.os.linux,comp.os.linux,aus.computers.linux
From : Harry Phillips
Date : Sun Jul 25 2004 07:44 pm

caliban@rootshell.be wrote:
>>
>>Do I use the NAT and PREROUTING, POSTROUTING, FORWARD? I have examples
>>from the Internet if the Linux box and the host it is forwarding to are
>>on different networks but not when they are on the same network.
>
>
> I assume you tried DNAT on the PREROUTING chain?
> The problem is probably with routing --
> your packets from ADSL modem are going to the linux box and
> having their destination IP rewritten as .1.50 but the source IP
> remains ADSL so when the .1.50 box replies to these it will send the
> packets to ADSL and thus the default router (.1.254) knowing nothing
> of this connection drops them.
>
> The trick is to both DNAT on the PREROUTING chain and SNAT on the
> POSTROUTING chain (twice nat?)
> eg
> $IT -t nat -A PREROUTING -j DNAT -p tcp -s $ADSL -d $ALIAS --dport $PORT --to-destination=192.168.1.50:$PORT
>
> $IT -t nat -A POSTROUTING -j SNAT -p tcp -s $ADSL -d 192.168.1.50 --dport $PORT --to-source=$ALIAS
>
>
> Where ALIAS is an IP alias for your linux box and ADSL is your modem
> IP.

Thank you very much. I have tried this and it works exactly the way I
want it to.

--
Regards,
Harry Phillips
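
Added example, not part of the original thread: a shell sketch that prints (does not apply) the DNAT rule and adds the matching SNAT rule only when the Linux box's alias and the forwarding target share a network, which is the case where the target's replies would otherwise bypass the box. The function names, the addresses 192.168.1.10 and 192.168.1.1, the /24 prefix and port 80 are constructed sample values; DNAT alone in the other case assumes the target routes its replies back through the Linux box.

```shell
#!/bin/sh
# Added example: decide whether a port forward needs SNAT as well as DNAT.
# Rules are only printed, so this runs without root and changes nothing.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_net IP1 IP2 PREFIXLEN -> exit 0 if both addresses are in one network
same_net() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# nat_rules ALIAS TARGET PREFIXLEN ADSL PORT -> prints the iptables commands
nat_rules() {
    alias_ip=$1 target=$2 prefix=$3 adsl=$4 port=$5

    # Always needed: rewrite the destination from the alias to the target.
    echo "iptables -t nat -A PREROUTING -p tcp -s $adsl -d $alias_ip" \
         "--dport $port -j DNAT --to-destination $target:$port"

    # Same network: the target would answer the original source directly,
    # so also rewrite the source and make the reply return via the alias.
    if same_net "$alias_ip" "$target" "$prefix"; then
        echo "iptables -t nat -A POSTROUTING -p tcp -s $adsl -d $target" \
             "--dport $port -j SNAT --to-source $alias_ip"
    fi
}

# Constructed sample: alias 192.168.1.10, modem 192.168.1.1, target from the thread.
nat_rules 192.168.1.10 192.168.1.50 24 192.168.1.1 80
```

Review the printed commands before running them as root; `iptables -t nat -L -n -v` shows whether both rules are counting packets once traffic flows.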