Hi Stewart, I changed the script to just the following lines now but I still cannot access the internal website. Other things are fine:

/sbin/iptables -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -i $INET_IFACE -d $INET_IP --dport 80 -j DNAT --to 192.168.1.200:80
/sbin/iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -p tcp -i $INET_IFACE -d 192.168.1.200 --dport 80 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/bin/echo 1 > /proc/sys/net/ipv4/ip_dynaddr
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done

Any help?

--
Best regards,
Kenneth mailto:[EMAIL PROTECTED]

Wednesday, May 15, 2002, 5:26:43 PM, you wrote:

ST> Ken:

ST> Try it with the adjustments below. Also make sure you also have a rule to
ST> allow the machine to
ST> get back out from the Internal Network to the Internet. Also if there are
ST> other rules in your script, make
ST> sure the packet isn't dropped by a preceding rule before it reaches your
ST> DNAT and FORWARDING rule.

ST> Stu..........

ST> -----Original Message-----
ST> From: [EMAIL PROTECTED]
ST> [mailto:[EMAIL PROTECTED]]On Behalf Of Kenneth
ST> Sent: May 15, 2002 12:06 AM
ST> To: [EMAIL PROTECTED]
ST> Subject: Newbie question

ST> Hi all,

ST> I'm new to the list and have a question here:

ST> eth0 has a public IP address
ST> eth1 has a private IP address

ST> Attached is my iptables script. This script enables internal machines
ST> to communicate with public websites and email. But it cannot give access
ST> to the website on the internal web server (192.168.1.200:80).

ST> /sbin/iptables -t nat -A PREROUTING -p tcp -i $INET_IFACE -d
ST> INET_IP --dport 80 -j DNAT --to 192.168.1.200:80

ST> /sbin/iptables -A FORWARD -m state --state NEW,ESTABLISHED, RELATED -p
ST> tcp -i $INET_IFACE -d 192.168.1.200 --dport 80 -j ACCEPT

ST> Any help/idea is appreciated.

ST> --
ST> Best regards,
ST> Kenneth mailto:[EMAIL PROTECTED]
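
Stewart's point that a preceding rule can drop the packet before it reaches the FORWARD accept rule, shown as an added example that is not part of the original thread: a simplified first-match walk over a FORWARD chain. The two rulesets and the function name forward_verdict are constructed for illustration; 192.168.1.200:80 is the web server from the thread and eth0 stands in for $INET_IFACE.

```shell
#!/bin/sh
# Simplified first-match walk over FORWARD rules (added example).
# Understands only -i, -p, -d, --dport and -j; other options such as
# "-m state --state ..." are ignored, so this checks rule ordering only
# and is not a netfilter emulator.

# Constructed rulesets in iptables-save style (not taken from the thread).
RULES_SHADOWED='-A FORWARD -i eth0 -p tcp -j DROP
-A FORWARD -i eth0 -p tcp -d 192.168.1.200 --dport 80 -j ACCEPT'

RULES_ORDERED='-A FORWARD -i eth0 -p tcp -d 192.168.1.200 --dport 80 -j ACCEPT
-A FORWARD -i eth0 -p tcp -j DROP'

# forward_verdict RULES IFACE PROTO DST DPORT [POLICY]
# Prints "<target> rule <n>" for the first matching rule, or
# "<policy> policy" when nothing matches (default ACCEPT, as set by
# "-P FORWARD ACCEPT" in the thread's script).
forward_verdict() {
    rules=$1 iface=$2 proto=$3 dst=$4 dport=$5 policy=${6:-ACCEPT}
    n=0
    result=$(printf '%s\n' "$rules" | while IFS= read -r line; do
        n=$((n + 1))
        match=1
        target=
        set -- $line            # split the rule into words
        while [ $# -gt 0 ]; do
            case $1 in
                -i)      [ "$2" = "$iface" ] || match=0; shift ;;
                -p)      [ "$2" = "$proto" ] || match=0; shift ;;
                -d)      [ "$2" = "$dst" ]   || match=0; shift ;;
                --dport) [ "$2" = "$dport" ] || match=0; shift ;;
                -j)      target=$2; shift ;;
            esac
            shift
        done
        if [ "$match" = 1 ] && [ -n "$target" ]; then
            echo "$target rule $n"   # first match decides the verdict
            break
        fi
    done)
    echo "${result:-$policy policy}"
}

# Same two rules, different order, different outcome for port-80 traffic.
forward_verdict "$RULES_SHADOWED" eth0 tcp 192.168.1.200 80
forward_verdict "$RULES_ORDERED"  eth0 tcp 192.168.1.200 80
```

On a live gateway the same question is answered by the per-rule packet counters in the output of `iptables -L FORWARD -v -n`.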
