Hi,

        I'm running 2.4.18 w/ almost all of the pending and extra p-o-m patches 
applied.  I've enabled Local Nat in the kernel, but all iptables 
features are modular.  I'm using iptables 1.2.6a.

        My setup is eth0 = internet, eth1 = intranet.

        One problem I'm having is when I want to DNAT an OUTPUT rule that is say 
traffic to the external IP of the box, it is coming from lo, not eth0.
Ex.  iptables -t nat -A OUTPUT -d 1.2.3.4 -o eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.5
does not match but if I change from eth0 to lo then it matches and the 
lo interface pretends to be 1.2.3.4 for both source and dest.  When did 
this become the way it works?

        The other problem is when I want to DNAT an OUTPUT rule where the 
destination is outside our network, say yahoo.com, the rule appears to 
work fine, but instead of sending the traffic out eth1 (to the internal 
network), it still tries to go out eth0 (the external interface).
Ex.  iptables -t nat -A OUTPUT -d www.yahoo.com -o eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.5
I see in the logs that the source ip is now 192.168.1.1 (internal ip on 
firewall) and dest is 192.168.1.5, but it is going out eth0.  Even if I 
remove the check for -o eth0, it still tries going out eth0.

        Any hints, insights, etc. would be appreciated.

Thanks,

-- 
James A. Pattie
[EMAIL PROTECTED]

Linux  --  SysAdmin / Programmer
PC & Web Xperience, Inc.
http://www.pcxperience.com/
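As an added troubleshooting script (my own, not from the mail above), the following checks the two things this report turns on: which device the kernel routes a locally generated packet through, for both the original and the translated destination, and the per-rule nat OUTPUT counters that show whether a rule matched at all. It assumes iproute2 (ip) and iptables are installed, and uses the addresses from the mail, with 1.2.3.4 standing in for the box's external IP.

```shell
#!/bin/sh
# Added diagnostic, not part of the original mail. Assumes iproute2 (ip)
# and iptables are installed. 1.2.3.4 is a placeholder for the box's
# external address, 192.168.1.5 the DNAT target, as in the mail.

# Pull the output device out of one line of `ip route get` output,
# e.g. "local 1.2.3.4 dev lo src 1.2.3.4" -> "lo".
route_dev() {
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

# Which interface the kernel picks for a locally generated packet to $1.
# Addresses assigned to the box itself resolve to "dev lo", which is why
# an OUTPUT rule with "-o eth0" never sees traffic to the external IP.
local_route_dev() {
    route_dev "$(ip route get "$1" 2>/dev/null | head -n 1)"
}

# Compare the route for the original destination with the route for the
# DNAT target; after a destination change in nat/OUTPUT the kernel
# re-routes the packet, so the second line is the device it should leave on.
check_dnat_route() {
    orig=$1
    target=$2
    printf 'original %-15s -> dev %s\n' "$orig" "$(local_route_dev "$orig")"
    printf 'dnat     %-15s -> dev %s\n' "$target" "$(local_route_dev "$target")"
}

# Per-rule packet/byte counters for nat/OUTPUT: a rule with a zero packet
# count never matched, whatever the logs suggest.
show_nat_output_counters() {
    iptables -t nat -L OUTPUT -v -n --line-numbers
}

# Only run the live checks where the tools exist (needs root for iptables).
if command -v ip >/dev/null 2>&1; then
    check_dnat_route 1.2.3.4 192.168.1.5
fi
if command -v iptables >/dev/null 2>&1; then
    show_nat_output_counters 2>/dev/null || true
fi
```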

