Linux Netfilter discussions
From: "Gonzalez, Federico" <fgonzalez@goyaike.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: DNAT question..
Date: Thu, 24 Jul 2003 10:37:47 -0300
Message-ID: <3F1FE12B.EB91AB1B@goyaike.com>
In-Reply-To: Pine.LNX.4.44.0307241040530.20694-100000@localhost

Hi Rio,

   I think the problem is in the destination IP address; you have to use the
external IP, so I think the rule should be:

iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 211.1.1.10 \
   --dport 80 -j SNAT --to 192.168.1.1

Hope this helps.

Federico.

Chris Wilson wrote:

> Hi Rio,
>
> > > You need to SNAT internal connections so that replies go via the
> > > firewall instead of directly to the client, otherwise the firewall
> > > cannot reverse the DNAT and the client drops the reply packet.
> > > Try this rule:
> > > iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.2 \
> > > --dport 80 -j SNAT --to 192.168.1.1
> >
> > I don't know, I tried but it still won't connect to the webserver.
> > Connection Refused.
>
> Is it possible that an earlier rule in the POSTROUTING chain is overriding
> this one? Could you try:
>
>         iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 192.168.1.2 \
>                 -p tcp --dport 80 -j MASQUERADE
>
> If that doesn't work, please send your ruleset (iptables -L -n -v;
> iptables -t nat -L -n -v) and tcpdump of packets on the internal interface
> of your firewall when you try to connect.
>
> Cheers, Chris.
> --
>    ___ __     _
>  / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
> / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
> \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
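
The reply path described in the quoted text above, as an added Python model (not part of the original thread, and not netfilter code): it traces one connection from a LAN client to the external IP through the nat PREROUTING and POSTROUTING hooks and reports whether the client accepts the reply. The DNAT rule 211.1.1.10:80 -> 192.168.1.2 and the client address 192.168.1.50 are assumptions; the other addresses are the ones used in the thread.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the thread; CLIENT is a constructed sample host.
LAN = ip_network("192.168.1.0/24")
FW_INT, FW_EXT, WEB = "192.168.1.1", "211.1.1.10", "192.168.1.2"
CLIENT = "192.168.1.50"

def hairpin(snat_dst=None):
    """Trace one TCP/80 connection from a LAN client to the external IP.

    snat_dst is the -d value of a POSTROUTING SNAT rule (None = no rule).
    Returns (snat_applied, reply_source_seen_by_client, client_accepts).
    """
    src, dst = CLIENT, FW_EXT            # SYN as the client sends it

    # nat PREROUTING: assumed port-forward 211.1.1.10:80 -> 192.168.1.2:80
    if dst == FW_EXT:
        dst = WEB

    # nat POSTROUTING runs after the DNAT, so -s/-d are compared with the
    # already rewritten packet.
    snat_applied = (snat_dst is not None
                    and ip_address(src) in LAN
                    and ip_address(dst) == ip_address(snat_dst))
    if snat_applied:
        src = FW_INT                     # --to 192.168.1.1

    # The web server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FW_INT:
        # Reply reaches the firewall; conntrack undoes SNAT and DNAT.
        reply_src, reply_dst = FW_EXT, CLIENT
    # Otherwise the reply crosses the LAN directly and is never translated.

    # The client's socket is connected to FW_EXT; a segment from any other
    # source belongs to no connection it knows and is rejected.
    return snat_applied, reply_src, reply_src == FW_EXT

if __name__ == "__main__":
    for rule in (None, WEB, FW_EXT):
        print(f"SNAT -d {rule}: {hairpin(rule)}")
```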

