Hi all,
I still have a problem using DNAT with two DMZ servers behind a FW. One server is for mail, the other for websites. Both servers are connected through the FW to the internet and are for public use. Everything works fine so far, but when I try to connect to the Webserver from the Mailserver (or vice versa), the connection is locked. There seems to be a routing problem but I have no clue where to search. Please find a short iptables configuration running on the firewall below.

Many thanks for your help.

Benjamin

---
## fw.sh
IPTABLES=/usr/sbin/iptables
IFCONFIG=/sbin/ifconfig

EXT=eth0
DMZ=eth1

##
## IP Addresses
##
EXT_FW=194.125.250.2
DMZ_FW=192.168.1.1

# Webserver
EXT_NEO=194.125.250.71
DMZ_NEO=192.168.1.71

# Mailserver
EXT_MAIL=194.125.250.10
DMZ_MAIL=192.168.1.10

# Bind both public addresses to the external interface as aliases
$IFCONFIG $EXT:1 $EXT_NEO up
$IFCONFIG $EXT:2 $EXT_MAIL up

# Flush the filter and nat tables and remove user-defined chains
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -X

# For testing purposes only!
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

# Everything leaving on the external interface gets the firewall's public address
$IPTABLES -t nat -A POSTROUTING -o $EXT -j SNAT --to-source $EXT_FW

# Map each public address to its DMZ server
$IPTABLES -t nat -A PREROUTING -d $EXT_NEO -j DNAT --to-destination $DMZ_NEO
$IPTABLES -t nat -A PREROUTING -d $EXT_MAIL -j DNAT --to-destination $DMZ_MAIL
## EOF fw.sh
---
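The DMZ-to-DMZ symptom described above can be reproduced on paper by tracing one packet through the posted nat rules. The model below is an added example, not part of the post or of fw.sh; the extra "hairpin" SNAT rule and the 203.0.113.5 client address are assumptions, included only to contrast the working and non-working paths.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the posted fw.sh; 203.0.113.5 is a constructed
# "somewhere on the internet" client address.
EXT_FW, DMZ_FW = "194.125.250.2", "192.168.1.1"
DMZ_NET = ip_network("192.168.1.0/24")
DNAT = {"194.125.250.71": "192.168.1.71",   # EXT_NEO  -> DMZ_NEO
        "194.125.250.10": "192.168.1.10"}   # EXT_MAIL -> DMZ_MAIL
INTERNET_CLIENT = "203.0.113.5"


def in_dmz(ip):
    return ip_address(ip) in DMZ_NET


def firewall_forward(src, dst, hairpin_snat=False):
    """Model of the nat table in fw.sh for one forwarded packet.
    Returns the (src, dst) pair the destination host actually sees."""
    dst = DNAT.get(dst, dst)                  # PREROUTING: public IP -> DMZ IP
    if not in_dmz(dst):                       # POSTROUTING -o $EXT: SNAT to EXT_FW
        src = EXT_FW
    elif hairpin_snat and in_dmz(src):        # assumed extra rule, NOT in fw.sh:
        src = DMZ_FW                          # -o $DMZ -s DMZ_NET -j SNAT --to DMZ_FW
    return src, dst


def reply_reaches_client(client, target, hairpin_snat=False):
    """Does the server's reply arrive at the client with the source address
    the client connected to?  If not, the client's TCP stack has no matching
    socket for the reply and the connection never completes."""
    srv_src, srv_dst = firewall_forward(client, target, hairpin_snat)
    if in_dmz(srv_src) and srv_src != DMZ_FW:
        # Server and client share the DMZ LAN: the reply goes directly to the
        # client, never passing the firewall, so it carries the server's
        # private address as source and the DNAT is never reversed.
        seen_from = srv_dst
    else:
        # Reply goes back through the firewall, whose conntrack entry undoes
        # both translations; the client sees the address it dialled.
        seen_from = target
    return seen_from == target


if __name__ == "__main__":
    for who, client in (("internet client", INTERNET_CLIENT),
                        ("DMZ mailserver", "192.168.1.10")):
        for hp in (False, True):
            ok = reply_reaches_client(client, "194.125.250.71", hp)
            print(f"{who} -> EXT_NEO, hairpin SNAT={hp}: {'works' if ok else 'hangs'}")
```

The trace shows the webserver's reply returning directly across the DMZ LAN with its private address as source, so the mailserver receives a packet from an address it never connected to; routing the DMZ-to-DMZ traffic back through the firewall (or using split DNS so the servers address each other by their DMZ names) removes the asymmetry.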
