From: Dave Airlie (airlied at domain csn.ul.ie)
Date: Fri 25 May 2001 - 14:40:07 IST
try after reboot
iptables -A PREROUTING -t nat -p tcp -d <firewall_addr> --dport 80 -j DNAT --to 192.168.1.6
and for the MASQ rule use
iptables -A POSTROUTING -t nat -s <internalnetwork>/netmask -d 0/0 -j MASQUERADE
I think the rules you have are over generic... specify specify specify
when writing fw rules.... if your firewall IP is dynamic for the first
rule you might be able to do a script ..
Dave.
On Fri, 25 May 2001, Fergal Moran wrote:
> > From: Dave Airlie [mailto:airlied at domain csn.ul.ie]
> > maybe flush the tables first then try it without the 80...
>
> done
> [root at domain pasteur /root]# iptables -L PREROUTING -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.1.6
>
> still the same
>
> > you don't have some other rule blocking it previously?
> how would I find this out then - I wouldn't think so though because I am
> creating the rules manually every time I reboot and the only other one is
> for masquerading
>
> [root at domain pasteur /root]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> [root at domain pasteur /root]# echo 1 > /proc/sys/net/ipv4/ip_forward
> [root at domain pasteur /root]# iptables -L POSTROUTING -t nat
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- anywhere anywhere
>
> this wouldn't be the cause of the problems would it?
>
> > flush all tables and try just the rule..
> done - still the same
>
> > I'll take another look at the script we have..
> That would be splendid!
>
> > Dave.
> Fergal..
>
>
--
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied at domain skynet.ie
pam_smb / Linux DecStation / Linux VAX / ILUG person
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:10:28 GMT
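Added example, not part of the original thread: a sketch of the script the reply suggests for a dynamic firewall address, which validates its inputs and prints the two narrowly scoped NAT rules for review. The function names, the refusal of a /0 source network, and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print tightly scoped NAT rules for a port forward.
# Function names are hypothetical; addresses in the usage lines are constructed.

# True only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True for address/prefix with a prefix of 1-32; /0 would match every source.
is_cidr() {
    case "$1" in */*) prefix=${1#*/} ;; *) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] && is_ipv4 "${1%/*}"
}

# Read `ip -4 -o addr show dev IFACE` output on stdin, print the first address.
first_inet_addr() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# build_nat_rules FW_ADDR INTERNAL_HOST INTERNAL_NET [PORT]
# Prints the two rules instead of running them so they can be reviewed first.
build_nat_rules() {
    fw_addr=$1; target=$2; lan=$3; port=${4:-80}
    is_ipv4 "$fw_addr" || { echo "bad firewall address: $fw_addr" >&2; return 1; }
    is_ipv4 "$target" || { echo "bad internal host: $target" >&2; return 1; }
    is_cidr "$lan" || { echo "bad or unscoped source network: $lan" >&2; return 1; }
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # --to-destination is the full name of the option the message writes as --to.
    echo "iptables -t nat -A PREROUTING -p tcp -d $fw_addr --dport $port -j DNAT --to-destination $target"
    echo "iptables -t nat -A POSTROUTING -s $lan -d 0/0 -j MASQUERADE"
}

# Constructed usage: look up the current address each time the link comes up.
# fw=$(ip -4 -o addr show dev eth0 | first_inet_addr)
# build_nat_rules "$fw" 192.168.1.6 192.168.1.0/24 80 | sh
```

Because the rules are printed rather than executed, the output can be compared against `iptables -L -t nat` before anything is piped to a shell.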