From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adrian Chung <adrian@enfusion-group.com>
Date: Tue, 05 Jun 2001 14:55:59 +0000
Subject: Re: [LARTC] Redirecting wayward traffic
Message-Id: <marc-lartc-99175303632646@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-99174669408206@msgid-missing>
In-Reply-To: <marc-lartc-99174669408206@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Tue, Jun 05, 2001 at 08:09:41AM -0500, David Talbot wrote:
> #THIS IS THE PROBLEM LINE
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1
> #THIS IS THE PROBLEM LINE

I tried this on my 2.4.5 box, and it works just fine -- as long as the
--to <address> isn't the same box I'm attempting to connect from.
IOW, as long as the webserver isn't on the same box I'm attempting to
browse outside the firewall with.

When I tried to DNAT to the same box I was running lynx on, I just got
a timeout.  When I switched to DNAT to a different box, all requests
went there properly.

--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.enfusion-group.com] up 28 days, 22:07, 2 users


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/