From: ThE PhP_kiD
Date: Thu, 17 Jul 2003 00:32:38 +0000
Subject: [LARTC] DNAT rare problem...
To: lartc@vger.kernel.org

Hi!

I have the following network:

                             inet
                               |
                               |
                               | 20.5.90.194/26
                               | 20.5.90.195/26
                     ---------------------
                     |       eth0        |
                     |                   |
                     | internet gateway  |
                     |                   |
                     |       eth1        |
                     ---------------------
                               | 192.168.100.254/24
                               | 192.168.210.254/24
                               |
      +------------------+-----+----------------+
      |                  |                      |
      | 192.168.100.1/24 | 192.168.210.1        |
      |                  |                      |192.168.210.2
--------------    +------------+            +--------+
|    eth0    |    |   host 1   |            | host 2 |
|  SENDMAIL  |    +------------+            +--------+
--------------

The internet gateway is a Linux 2.4.21 with iptables 1.2.8.

On eth0, it has two public IPs:
20.5.90.194/26
20.5.90.195/26

Since I can't route the last public IPs, and I need to run a Sendmail server that is visible from the internet, I have made a DNAT rule (and some SNAT rules too, in order to provide internet access to the LAN).

# iptables -L -t nat -n

gives me the following:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            200.5.90.195       to:192.168.100.1
ACCEPT     all  --  192.168.100.1        0.0.0.0/0
ACCEPT     all  --  192.168.210.1        0.0.0.0/0
ACCEPT     all  --  192.168.210.2        0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.100.0/24
SNAT       all  --  192.168.100.1        0.0.0.0/0          to:20.5.90.195
SNAT       all  --  192.168.210.1        0.0.0.0/0          to:20.5.90.194
SNAT       all  --  192.168.210.2        0.0.0.0/0          to:20.5.90.194

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

From the Internet (WAN side), I can reach the Sendmail server host without problems, pinging 20.5.90.195 and opening port 25.

From the LAN side (hosts 192.168.102.1 or 192.168.102.2), I can ping 20.5.90.195 but I can't open port 25... (but sometimes, I can do it!!)

What is happening?

Thank you very very much in advance.

Mac
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/