From: Grant Taylor
Subject: Re: DNAT not working
Date: Fri, 22 Dec 2006 14:38:44 -0600
Message-ID: <458C4254.4060007@riverviewtech.net>
References: <458BF3C2.4050700@initon.com>
In-Reply-To: <458BF3C2.4050700@initon.com>
To: Mail List - Netfilter

Balazs Fulop wrote:
> # Generated by iptables-save v1.3.5 on Fri Dec 22 14:23:36 2006
> *nat
> :PREROUTING ACCEPT [58:10171]
> :POSTROUTING ACCEPT [13:1459]
> :OUTPUT ACCEPT [13:1459]
> -A PREROUTING -d aaa.bbb.ccc.fff -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.3.1
> -A PREROUTING -j LOG --log-prefix "PREROUTING: " --log-level 7
> COMMIT
>
> If I telnet 192.168.3.1 25 on the firewall, an SMTP session starts. If I
> telnet from outside (coming on eth0), it waits until timeout. I just
> can't figure out why it is not working. At last I removed all the IP
> aliases, and it didn't work that way either. There is nothing relevant
> in /var/log/syslog. I have 1 in /proc/sys/net/ipv4/ip_forward.

It does not look like you are SNATing / MASQUERADing your traffic back out to the internet.

Grant. . . .
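
The check the reply makes by eye on the quoted dump, as an added example that is not part of the original thread: it parses `iptables-save` output and reports the DNAT destinations alongside any SNAT/MASQUERADE rule in the nat table's POSTROUTING chain. The sample dump is constructed from the quoted one, with 192.0.2.10 as a placeholder for the masked address; the function names are illustrative.

```python
import shlex

# Constructed input modelled on the dump quoted above. 192.0.2.10 is a
# documentation address standing in for the masked aaa.bbb.ccc.fff.
SAMPLE_DUMP = '''\
*nat
:PREROUTING ACCEPT [58:10171]
:POSTROUTING ACCEPT [13:1459]
:OUTPUT ACCEPT [13:1459]
-A PREROUTING -d 192.0.2.10 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.3.1
-A PREROUTING -j LOG --log-prefix "PREROUTING: " --log-level 7
COMMIT
'''

SOURCE_NAT_TARGETS = {"SNAT", "MASQUERADE"}


def parse_rules(dump):
    """Yield (table, chain, target, argv) for each -A line of an iptables-save dump."""
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
        elif line.startswith("-A "):
            argv = shlex.split(line)      # keeps quoted --log-prefix values whole
            target = None
            for flag in ("-j", "--jump"):
                if flag in argv[:-1]:
                    target = argv[argv.index(flag) + 1]
                    break
            yield table, argv[1], target, argv


def audit_nat(dump):
    """Summarise DNAT rules and whether nat/POSTROUTING rewrites the source."""
    dnat, source_nat = [], []
    for table, chain, target, argv in parse_rules(dump):
        if table != "nat":
            continue
        if chain == "PREROUTING" and target == "DNAT" and "--to-destination" in argv[:-1]:
            dnat.append(argv[argv.index("--to-destination") + 1])
        elif chain == "POSTROUTING" and target in SOURCE_NAT_TARGETS:
            source_nat.append(target)
    return {"dnat_to": dnat, "source_nat": source_nat}


if __name__ == "__main__":
    print(audit_nat(SAMPLE_DUMP))
```

An empty `source_nat` list next to a non-empty `dnat_to` list is the condition the reply points at.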