On 9/25/07, Aleksander Kamenik <[EMAIL PROTECTED]> wrote:
>
> Indunil Jayasooriya wrote:
> >
> > I have not added it to prerouting chain. I added just
> > now. Forward, input and output chains have it.
>
> PREROUTING must not have it. Only the three filter chains and only if
> you use the state machine.

NOTED

> > telnet 2.3.4.5 25
> >
> > it accepts, It works.
>
> OK, so DNAT at the second firewall works already. I missed that.
>
> > Now what I need is that I want to telnet to first firewall, then, it
> > will forward to second firewall, second firewall will forward to actual
> > mail server.
>
> Yes I got that.
>
> Anyway, it's hard to guess without seeing all the rules of the first
> firewall. Do any other DNATs at the first firewall work already?
>
> Is forwarding enabled? "cat /proc/sys/net/ipv4/ip_forward" should be "1".

YES

> Oh, and by the way. I assumed your routing is in place. Is the
> second firewall's default route (gateway) the first firewall?

Oh yeah, This is the POINT.

SECOND Firewall's default route (gateway) is NOT the FIRST firewall. BOTH firewalls' default route (gateway) is the router given by our ISP. I think this is the case.

> If 1.2.3.4 and 2.3.4.5 are both external IPs then it's probably the
> problem.

YES, this is the IP block given by our ISP. I got 8 internet IPs. But they all reside in the same subnet, that is 255.255.255.248

Hope to hear from you.

-- 
Thank you
Indunil Jayasooriya
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc