* DNAT on Debian
From: Mattia Martinello @ 2003-08-31 2:00 UTC (permalink / raw)
To: netfilter
Hi all
I created a script that sets up a set of rules in the nat table.
It works well without any problem on SuSE 8.0, and now I wish to move
the system to Debian.
I installed Debian, set up the network correctly as on SuSE, and
copied the script onto it.
The script shows me no errors, and the rules work well, but there is a
little problem.
The DNATs from the local network work very well (I can see the server
which is in the DMZ from the local network), but the DNATs from the
Internet don't work! From the Internet (ppp0) I cannot see the server
which is in the DMZ.
On SuSE 8.0 everything works well and I didn't change anything in the script!
The input, output and forward chains are all set to ACCEPT, like all
the chains in the nat table.
This works well:
iptables -t nat -A POSTROUTING -s $LocalNET/24 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LocalNET/24 -o ppp0 -j ACCEPT
iptables -t nat -A POSTROUTING -s $LocalNET/255.255.255.0 -o eth2 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i eth1 -d $PublicIP -j DNAT --to $ServerIP
This DOESN'T work!
iptables -t nat -A PREROUTING -p tcp -i ppp0 -d $PublicIP --dport 80 -j DNAT --to $ServerIP:80
The kernel in use is 2.4.20 with all netfilter modules.
Where could the problem be? Shall I attach the script?
Thank you very much!
Bye
Mattia.
* Re: DNAT on Debian
From: Ralf Spenneberg @ 2003-09-03 9:50 UTC (permalink / raw)
To: Mattia Martinello; +Cc: Netfilter
On Sun, 2003-08-31 at 04:00, Mattia Martinello wrote:
> Hi all
> On SuSE 8.0 everything works well and I didn't change anything in the script!
> This DOESN'T work!
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d $PublicIP --dport 80 -j DNAT --to $ServerIP:80
Do you get any errors when running the command?
If you did not change anything else, are you sure that you are using
the same $ServerIP?
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org