On Wednesday 01 February 2006 01:18 am, Edward Shornock wrote: > On Thu, Feb 02, 2006 at 07:11:07AM +0800, Jon Miller wrote: > > I'm having a major problem trying to forward packets from either a > > workstation of the LAn to the Internet. I want to be sure I'm doing > > this correctly. > > > > I set a forward rule: > > $IPT -A FORWARD -i $INT_IFACE -o eth1 -p tcp --dport 1262 -j ACCEPT > > > > Then I set a PREROUTING rule > > $IPT -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT > > --to-destination 192.168.xxx.xxx > > > > All I can see using tethereal on the network is SYN packets. > > > > Any idea what I'm doing wrong? > > try > $IPT -t nat -A PREROUTING -i $EXT_IFACE -p tcp --dport 1262 -j DNAT > --to-destination 192.168.xxx.xxx > > The forward rule looks OK.
if it's *from* the LAN *to* the internet, shouldn't it be: if you have a static outside IP $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j DNAT --to-source $EXT_IP or, if your outside IP is dhcp assigned $IPT -t nat -A POSTROUTING -o $EXT_IFACE -p tcp --dport 1262 -j MASQUERADE -anoop. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]