From: Mattia Martinello
Subject: DNAT on Debian
Date: Sun, 31 Aug 2003 04:00:59 +0200
Message-ID: <3F5156DB.7080407@mattiamartinello.com>
To: netfilter@lists.netfilter.org

Hi all

I created a script that sets up a set of rules on the nat table.
It works well without any problem on SuSE 8.0, and now I wish to move the system to Debian.
I installed Debian, set up the network correctly like on SuSE, and copied the script onto it.
The script shows me no errors, and the rules work well, but there is a little problem.

The DNATs from the local network work very well (I can see the server which is on the DMZ from the local network), but the DNATs from the Internet don't work!
From the Internet (ppp0) I cannot see the server which is on the DMZ.
On SuSE 8.0 everything works well and I didn't change anything in the script!

The input, output and forward chains are all set to ACCEPT, like all the chains on the nat table.

This works well:

    iptables -t nat -A POSTROUTING -s $LocalNET/24 -o ppp0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s $LocalNET/24 -o ppp0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s $LocalNET/255.255.255.0 -o eth2 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp -i eth1 -d $PublicIP -j DNAT --to $ServerIP

This DOESN'T work!

    iptables -t nat -A PREROUTING -p tcp -i ppp0 -d $PublicIP --dport 80 -j DNAT --to $ServerIP:80

The kernel in use is 2.4.20 with all netfilter modules.

Where could the problem be? Shall I attach the script?

Thank you very much!
Bye

Mattia.