From: "Adrian C."
Subject: Re: iptables problem
Date: Tue, 15 Feb 2005 22:25:17 +0200
Message-ID: <60a7468905021512255eb91675@mail.gmail.com>
References: <200502151139.54059.fluca1978@infinito.it> <42125709.8020204@netshadow.at>
In-Reply-To: <42125709.8020204@netshadow.at>
To: Andreas Unterkircher
Cc: linux-admin@vger.kernel.org, fluca1978@infinito.it

Luca, please paste your iptables -L -n output here. It's much easier to follow.

--Adrian.

On Tue, 15 Feb 2005 21:09:45 +0100, Andreas Unterkircher wrote:
> As far as I can see and understand your intent, you are only forwarding
> (FORWARD-Chain) the internal request to the external interfaces.
> Since private networks (10/8, 172.16/16, 192.168/24) are not routed in
> the public internet you have to masquerade (NAT) the outgoing
> request, so it doesn't contain the internal ips anymore:
>
> -A POSTROUTING -s 192.168.2.0/255.255.255.0 -d 212.97.32.2 -o eth1 -p tcp -m tcp --dport 53 -j SNAT --to $YOUR_EXTERNAL_IP_IN_THE_INTERNET
>
> Luca Ferrari wrote:
>
> >On Tuesday 15 February 2005 11:30 Your Name's cat walking on the keyboard
> >wrote:
> >
> >>The Input interface and output Interface are the same eth1, whereas it
> >>should have been -i eth0 -o eth1. Match your interface numbers and it
> >>should work.
> >
> >No, that's right since the machine is, temporarily, working with a single
> >interface. In other words, eth1 is now the incoming/outgoing interface.
> >
> >Luca
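
The point made in this thread, a private source forwarded out with no NAT rule behind it, can be checked mechanically. The following is an added example, not code from any poster in the thread: it audits iptables-save text for FORWARD ACCEPT rules whose RFC 1918 source has no SNAT/MASQUERADE rule in nat POSTROUTING, and for -i/-o used in chains where iptables does not allow them. The rulesets are constructed, 203.0.113.10 is a placeholder external address, and coverage is judged on source network and output interface only.

```python
import ipaddress
import shlex

# RFC 1918 private ranges, which are not routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NO_IN_IF = {"POSTROUTING", "OUTPUT"}   # -i cannot be used in these chains
NO_OUT_IF = {"PREROUTING", "INPUT"}    # -o cannot be used in these chains

# Constructed iptables-save input; 203.0.113.10 is a placeholder external IP.
MATCH = "-s 192.168.2.0/255.255.255.0 -d 212.97.32.2 -p tcp -m tcp --dport 53"
FILTER = f"*filter\n-A FORWARD {MATCH} -i eth1 -o eth1 -j ACCEPT\nCOMMIT\n"
NAT = f"*nat\n-A POSTROUTING {MATCH} -o eth1 -j SNAT --to-source 203.0.113.10\nCOMMIT\n"

def parse_rules(text):
    """Return (table, chain, {option: following token}) for every -A line."""
    table, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif len(tok) > 1 and tok[0] == "-A":
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            rules.append((table, tok[1], opts))
    return rules

def covered(nat_opts, src, out_if):
    """True if a nat POSTROUTING rule rewrites traffic from src leaving out_if."""
    nat_src = ipaddress.ip_network(nat_opts.get("-s", "0.0.0.0/0"), strict=False)
    return src.subnet_of(nat_src) and nat_opts.get("-o") in (None, out_if)

def audit(text):
    """List rules iptables would reject and private sources forwarded un-NATed."""
    rules, findings = parse_rules(text), []
    nat = [o for t, c, o in rules if t == "nat" and c == "POSTROUTING"
           and o.get("-j") in ("SNAT", "MASQUERADE")]
    for table, chain, o in rules:
        if "-i" in o and chain in NO_IN_IF:
            findings.append(f"{chain}: -i {o['-i']} is not allowed in this chain")
        if "-o" in o and chain in NO_OUT_IF:
            findings.append(f"{chain}: -o {o['-o']} is not allowed in this chain")
        if (table, chain, o.get("-j")) == ("filter", "FORWARD", "ACCEPT") and "-s" in o:
            src = ipaddress.ip_network(o["-s"], strict=False)
            if any(src.subnet_of(p) for p in RFC1918) and \
                    not any(covered(n, src, o.get("-o")) for n in nat):
                findings.append(f"FORWARD: {src} is forwarded without SNAT/MASQUERADE")
    return findings

if __name__ == "__main__":
    for name, ruleset in (("filter only", FILTER), ("filter + nat", FILTER + NAT)):
        print(name, "->", audit(ruleset) or "no findings")
```
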