From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andreas Unterkircher
Subject: Re: iptables problem
Date: Tue, 15 Feb 2005 21:09:45 +0100
Message-ID: <42125709.8020204@netshadow.at>
References: <200502151139.54059.fluca1978@infinito.it>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
In-Reply-To: <200502151139.54059.fluca1978@infinito.it>
Sender: linux-admin-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: linux-admin@vger.kernel.org
Cc: fluca1978@infinito.it

As far as I can see and understand your intent, you are only forwarding
(FORWARD chain) the internal request to the external interfaces. Since
private networks (10/8, 172.16/16, 192.168/24) are not routed in the
public internet, you have to masquerade (NAT) the outgoing request, so it
doesn't contain the internal IPs anymore:

  -A POSTROUTING -s 192.168.2.0/255.255.255.0 -d 212.97.32.2 -o eth1 -p tcp -m tcp --dport 53 -j SNAT --to $YOUR_EXTERNAL_IP_IN_THE_INTERNET

Luca Ferrari wrote:

>On Tuesday 15 February 2005 11:30 Your Name's cat walking on the keyboard
>wrote:
>
>>The input interface and output interface are the same eth1, whereas it
>>should have been -i eth0 -o eth1. Match your interface numbers and it
>>should work.
>
>No, that's right since the machine is, temporarily, working with a single
>interface. In other words, eth1 is now the incoming/outgoing interface.
>
>Luca
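
The situation discussed in this thread, forwarding allowed but no source NAT for a private network, can be checked mechanically. The following is an added example, not part of the original mail: it reads iptables-save style text and reports private source networks that FORWARD accepts but no nat POSTROUTING SNAT/MASQUERADE rule covers. The sample rulesets, the function names and the address 203.0.113.10 are constructed, and only source networks are compared (destination, port, interface and `!` negation are ignored).

```python
import ipaddress
import shlex

# RFC 1918 private ranges, which are not routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: forwarding is allowed, but there is no NAT rule.
SAMPLE_NO_NAT = """\
*filter
-A FORWARD -s 192.168.2.0/255.255.255.0 -d 212.97.32.2 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
"""

# Constructed sample: same filter table plus a source NAT rule.
# 203.0.113.10 is a documentation address standing in for the external IP.
SAMPLE_WITH_NAT = SAMPLE_NO_NAT + """\
*nat
-A POSTROUTING -s 192.168.2.0/255.255.255.0 -o eth1 -j SNAT --to-source 203.0.113.10
COMMIT
"""

def parse(ruleset):
    """Yield (table, chain, options) for every -A line of iptables-save text."""
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1]
                    for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            yield table, tok[1], opts

def unnatted_private_sources(ruleset):
    """Return private sources accepted in FORWARD that no SNAT/MASQUERADE covers."""
    forwarded, natted = [], []
    for table, chain, o in parse(ruleset):
        # A rule without -s matches every source address.
        net = ipaddress.ip_network(o.get("-s", "0.0.0.0/0"), strict=False)
        if table == "filter" and chain == "FORWARD" and o.get("-j") == "ACCEPT":
            forwarded.append(net)
        elif (table == "nat" and chain == "POSTROUTING"
              and o.get("-j") in ("SNAT", "MASQUERADE")):
            natted.append(net)
    return [str(f) for f in forwarded
            if any(f.subnet_of(p) for p in RFC1918)
            and not any(f.subnet_of(n) for n in natted)]

if __name__ == "__main__":
    print(unnatted_private_sources(SAMPLE_NO_NAT))
    print(unnatted_private_sources(SAMPLE_WITH_NAT))
```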