From: Aleksander Kamenik
Date: Tue, 25 Sep 2007 08:44:25 +0000
Subject: Re: [LARTC] DNAT PREROUTING issue with IPTABLES
Message-Id: <46F8CA69.70009@krediidiinfo.ee>
In-Reply-To: <7ed6b0aa0709242228u211036fdoa33ffa47519ecb2e@mail.gmail.com>
To: lartc@vger.kernel.org

Indunil Jayasooriya wrote:
>
> I have not added it to prerouting chain. I added just
> now. Forward, input and output chains have it.

PREROUTING must not have it. Only the three filter chains and only if
you use the state machine.

> telnet 2.3.4.5 25
>
> it accepts, It works.
>

OK, so DNAT at the second firewall works already. I missed that.

> Now what I need is that I want to telnet to first firewall, then, it
> will forward to second firewall, second firewall will forward to actual
> mail server.

Yes I got that. Anyway, it's hard to guess without seeing all the rules
of the first firewall. Do any other DNATs at the first firewall work
already? Is forwarding enabled? "cat /proc/sys/net/ipv4/ip_forward"
should be "1".

Oh, and by the way. I assumed your routing is in place. Is the second
firewall's default route (gateway) the first firewall? You can look at it
with "ip route list | grep default". If 1.2.3.4 and 2.3.4.5 are both
external IPs then it's probably the problem.

-- 
Aleksander Kamenik
system administrator
+372 6659 649
aleksander@krediidiinfo.ee

Krediidiinfo AS
http://www.krediidiinfo.ee/
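
The two checks suggested in the reply above (the ip_forward flag and the second firewall's default route), as an added shell example that is not part of the original message. The function names, the 10.0.0.x and 203.0.113.1 addresses and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: the forwarding and return-route checks as functions that
# work on live data or on captured output.

# forwarding_enabled [FILE]: succeed if the ip_forward flag reads "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# default_gateways: read `ip route list` output on stdin and print the
# next hop of every default route, one per line.
default_gateways() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") print $(i + 1) }'
}

# return_path_ok EXPECTED_GW: read `ip route list` output on stdin and
# succeed only if there is exactly one default gateway and it is
# EXPECTED_GW. No default route, or several, counts as a failure because
# replies to DNATed connections may then leave by another path.
return_path_ok() {
    gws=$(default_gateways)
    [ -n "$gws" ] && [ "$gws" = "$1" ]
}

# Constructed sample: second firewall routes back through the first
# firewall (hypothetical inside address 10.0.0.1).
SAMPLE_GOOD='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'

# Constructed sample: second firewall has its own external uplink, so
# replies bypass the first firewall.
SAMPLE_BAD='default via 203.0.113.1 dev eth2
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2'

for name in SAMPLE_GOOD SAMPLE_BAD; do
    eval "table=\$$name"
    if printf '%s\n' "$table" | return_path_ok 10.0.0.1; then
        echo "$name: default route points at the first firewall"
    else
        echo "$name: replies will not return via the first firewall"
    fi
done

# Live use on the second firewall (replace the address with the first
# firewall's inside address):
#   forwarding_enabled && ip route list | return_path_ok 10.0.0.1
```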