I was messing with this a bit also. I have this:
/sbin/iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -j DNAT --to-destination 192.168.0.2:80

From the firewall (192.168.0.1) I can do this:

{0}:wally:/etc/init.d>telnet 192.168.0.2 80
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
^]
telnet> close
Connection closed.
{1}:wally:/etc/init.d>telnet 67.165.192.199 80
Trying 67.165.192.199...
telnet: Unable to connect to remote host: Connection refused
{0}:wally:/etc/init.d>telnet 192.168.0.1 80
Trying 192.168.0.1...
telnet: Unable to connect to remote host: Connection refused

Thoughts?

Thus spake Hereward Cooper ([EMAIL PROTECTED]):
> Hi,
> Could someone please tell me why this command won't forward any www calls to
> 192.168.1.1 (firewall + gateway) to 192.168.1.2 (apache server).
>
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j DNAT --to-destination 192.168.1.2:80
>
> What I can't figure is why that doesn't work, when the following command does
> work to forward all external ssh requests from the gateway, to the apache
> machine.
>
> iptables -t nat -A PREROUTING -p TCP -i ippp0 --dport 22 -j DNAT --to-destination 192.168.1.2:22
>
> Thanks,
>
> Hereward
>
> --
>
> GPG Public Key @
> ----: http://www.zadok.uklinux.net/ :----
> "Love is Hate. War is Peace. Windows is Stable?"
> "I can bend minds with my spoon"
> "Life is short and hard, kind of like a bodybuilding elf"

:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :
Senior System Engineer          |    For when quality, reliability
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER: These are MY OPINIONS ALONE. I speak for no-one else.
FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'