Rasmus Bøg Hansen writes:
> On Wed, 10 Apr 2002, Ian Truelsen wrote:
>
>> iptables -t nat -A PREROUTING -p tcp --destination-port 25 -j DNAT --to 192.168.100.1:25
>> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j DNAT --to 192.168.100.1:80
>> iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j DNAT --to 192.168.100.1:443
>
> You only want to do that for outgoing connections, that is put '-i ppp0'
> in each of these three lines.
>

I was under the impression that, to get the mail (25) and web (80, 443) requests heading to the correct box (192.168.100.1), this would have to be done for incoming requests.

> Probably you want to allow these connections too:
>
> iptables -A FORWARD -i ppp0 -o eth1 -d 192.168.100.1 -p tcp --dport 25 -j ACCEPT
> iptables -A FORWARD -i ppp0 -o eth1 -d 192.168.100.1 -p tcp --dport 80 -j ACCEPT
> iptables -A FORWARD -i ppp0 -o eth1 -d 192.168.100.1 -p tcp --dport 443 -j ACCEPT
>

As I read this, this would mean that any port 25, 80, or 443 request incoming on ppp0 is accepted and sent to eth1 and the mail/web server box (192.168.100.1). These lines then should replace the lines that I formerly had in there, correct?

>> # Set up IP FORWARDing and Masquerading
>> iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
>> iptables --append FORWARD --in-interface eth1 -j ACCEPT
>
> Looks fine.
>

I hope so. It is the only part of the thing that I have gotten to work so far :)

What I am still a little foggy on is why the three lines at the top, the ones that I had, would interfere with the masquerading line above.

Anyway, I'll give these changes a try and see what happens. Thanks.

Ian Truelsen
Masters program in Philosophy
University of Manitoba, Winnipeg, Canada
BA (Wilfrid Laurier University)
Email: [EMAIL PROTECTED]
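
Added example, not part of the original message and not code from either poster: a simplified Python model of nat PREROUTING matching (not netfilter itself) showing what the three DNAT rules do to a packet arriving on eth1, with and without '-i ppp0'. The addresses 203.0.113.10 and 198.51.100.7 are constructed, and only the input interface and destination port are modelled.

```python
from dataclasses import dataclass
from typing import Optional

SERVER = "192.168.100.1"   # mail/web box from the thread
PORTS = (25, 80, 443)      # ports DNATed in the thread


@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str
    dport: int


@dataclass(frozen=True)
class DnatRule:
    dport: int
    to: str
    in_iface: Optional[str] = None   # None models a rule written without -i

    def matches(self, pkt: Packet) -> bool:
        # A rule without -i matches packets arriving on any interface.
        iface_ok = self.in_iface is None or self.in_iface == pkt.in_iface
        return iface_ok and self.dport == pkt.dport


def prerouting(rules, pkt):
    """Return the packet as it leaves PREROUTING; the first matching rule wins."""
    for rule in rules:
        if rule.matches(pkt):
            return Packet(pkt.in_iface, rule.to, pkt.dport)
    return pkt


def ruleset(in_iface=None):
    return [DnatRule(port, SERVER, in_iface) for port in PORTS]


# Constructed sample traffic (addresses are assumptions, not from the thread).
LAN_OUT = Packet("eth1", "203.0.113.10", 80)  # LAN client browsing an outside site
WAN_IN = Packet("ppp0", "198.51.100.7", 25)   # outside host mailing the public address


def demo():
    """Map each rule variant to (LAN packet destination, WAN packet destination)."""
    variants = (("no -i", ruleset()), ("-i ppp0", ruleset("ppp0")))
    return {label: (prerouting(rules, LAN_OUT).dst, prerouting(rules, WAN_IN).dst)
            for label, rules in variants}


if __name__ == "__main__":
    for label, (lan_dst, wan_dst) in demo().items():
        print(f"{label:8} LAN->web: {lan_dst:15} WAN->mail: {wan_dst}")
```

In this model, the rules without an interface match rewrite the LAN client's outbound web request to 192.168.100.1 before it can be forwarded and masqueraded out ppp0, while the '-i ppp0' variant leaves it untouched and still redirects the inbound connection.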
