On Wed, May 15, 2002 at 09:52:27PM +1000, Kenneth wrote:
> Hi Oskar and others,
>
> Problem solved after making the following changes. Thanks for all help.
>
> /sbin/iptables -t nat -A PREROUTING -p tcp -d $INET_IP --dport 80 -j DNAT --to $HTTP_IP
> /sbin/iptables -t nat -A POSTROUTING -p tcp -d $HTTP_IP --dport 80 -j SNAT --to $LAN_IP

You shouldn't need to do this, should you? The source IP of the packets should
still be the host out on the Internet. Yeah?

> /sbin/iptables -t nat -A OUTPUT -p tcp -d $INET_IP --dport 80 -j DNAT --to $HTTP_IP

Do you need this rule in the OUTPUT table if it's already in the PREROUTING
table? I must admit I still don't quite see how chains and tables mix, but I
don't think you need this rule in both places.

Also I'd guess your internal host doesn't have the Internet-facing host as its
default gateway, hence needing to rewrite the source IP as $LAN_IP, am I right?

<fscking huge snip>

-- 
FunkyJesus System Administration Team
