From: Raymond Leach
Subject: PRE and POST routing ...
Date: 15 Nov 2002 15:49:27 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <1037368167.4958.4.camel@rayw.knowledgefactory.co.za>
Reply-To: raymondl@knowledgefactory.co.za
To: Netfilter Mailing List

Hi

If I have a web server in my DMZ, then I have a PREROUTING rule to redirect incoming traffic to the server, like:

    $IPTABLES -t nat -A PREROUTING -i $IFACE_INET -p tcp --dport 80 -d $IP_INET_WEB1 -j DNAT --to $IP_INT_WEB1

I also have the FORWARDing rules ...

Do I need a POSTROUTING rule in the nat table for return/reply traffic, or is that automagically handled by nat? Obviously I have the FORWARD rule to forward the replies from $IP_INT_WEB1 back to the source.

Ray