From: "Andrew St. Jean"
Subject: trying to get oddball setup to work
Date: Sat, 26 Jul 2003 09:18:52 -0400
Message-ID: <3F227FBC.6000403@sympatico.ca>
To: netfilter@lists.netfilter.org

I'm hoping someone can tell me if what I'm trying to do is possible and if so, how.

Here's a picture of my network topology:

machine x-------internet---------machine y-----private LAN----host a/b/c

Machine x has one interface with a public static IP. Machine y has two interfaces, one with a public dynamic IP and the other with a private static IP. Both machines x and y have iptables installed and running.

I have an ipsec tunnel (using FreeS/Wan) working between machines x and y. With this tunnel I can ping any of the hosts on my private LAN from machine x. I can also mount a shared partition from, say, host b onto machine x. I include this just to show that the ipsec tunnel is working.

What I want to do is use NAT to forward certain ports on machine x to machines on my private LAN. Right now, if I open a port in iptables on machine x, I can connect to machine x from the internet on that port. If I try to forward the port to host c, packets seem to disappear on machine x. I can see the packets arrive at machine x using tcpdump but nothing goes out again.

Thanks for any help provided.

Andrew