Hi nickd,

>> /sbin/iptables -t nat -A PREROUTING -p tcp -d $INET_IP --dport 80 -j DNAT --to $HTTP_IP

This is for the external box to access the web server located in the LAN.

>> /sbin/iptables -t nat -A POSTROUTING -p tcp -d $HTTP_IP --dport 80 -j SNAT --to $LAN_IP

This is for the machine in the LAN to access the web server located in the same LAN.

nfo> You shouldn't need to do this should you? The source IP of the packets
nfo> should still be the host out on the Internet.
nfo> Yeah?

>> /sbin/iptables -t nat -A OUTPUT -p tcp -d $INET_IP --dport 80 -j DNAT --to $HTTP_IP

This is for the firewall machine to access the web server located in the same LAN. Maybe not necessary, right?

nfo> Do you need this rule in the OUTPUT table if it's already in the PREROUTING
nfo> table? I must admit I still don't quite see how chains and tables mix, but
nfo> I don't think you need this rule in both places.

nfo> Also I'd guess your internal host doesn't have the Internet facing
nfo> host as its default gateway, hence needing to rewrite the source IP as
nfo> $LAN_IP, am I right?

It does have the Internet facing host as its default gateway. I'm very new to iptables, and most of these changes come from Oskar's mail, and it works.

My config is:

Gateway:
  eth0: Internet connection (ADSL)
  eth1: LAN (192.168.1.100)

Web server:
  eth0: LAN (192.168.1.200)
  gateway is set to 192.168.1.100

Am I doing something wrong?

--
Best regards,
Kenneth
mailto:[EMAIL PROTECTED]
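Added example, not part of Kenneth's or nickd's messages: a simplified Python model (not netfilter itself) of the PREROUTING DNAT and POSTROUTING SNAT rules quoted above, showing which source address the web server sees and whether the reply comes back from the address the client dialled. The client addresses, the 203.0.113.10 stand-in for $INET_IP, and the "lan" rule variant are assumptions made for illustration.

```python
import ipaddress

# Gateway eth1 and web server addresses come from the post; the rest are constructed.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_IP = "192.168.1.100"      # gateway eth1 (from the post)
HTTP_IP = "192.168.1.200"     # web server (from the post)
INET_IP = "203.0.113.10"      # constructed stand-in for $INET_IP


def connect(client, snat="none"):
    """Model one TCP connection from client to INET_IP:80 through the gateway.

    snat: "none" = no POSTROUTING rule, "all" = the rule as posted (matches
    only on -d $HTTP_IP), "lan" = hypothetical variant that also requires a
    source address inside LAN_NET.
    Returns (source the web server sees, source the client sees on the reply).
    """
    src, dst = client, INET_IP
    # PREROUTING DNAT: rewrite the destination to the web server.
    if dst == INET_IP:
        dst = HTTP_IP
    # POSTROUTING SNAT: rewrite the source to the gateway's LAN address.
    from_lan = ipaddress.ip_address(client) in LAN_NET
    if dst == HTTP_IP and (snat == "all" or (snat == "lan" and from_lan)):
        src = LAN_IP
    seen_by_server = src
    # The server replies to seen_by_server. A reply addressed to another LAN
    # host is delivered directly on the segment and never passes the gateway,
    # so the DNAT is not reversed and the reply source stays HTTP_IP.
    direct = ipaddress.ip_address(seen_by_server) in LAN_NET and seen_by_server != LAN_IP
    reply_src = HTTP_IP if direct else INET_IP
    return seen_by_server, reply_src


def works(client, snat="none"):
    # The client's TCP stack only accepts replies from the address it dialled.
    return connect(client, snat)[1] == INET_IP


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.1.50"):   # constructed clients
        for snat in ("none", "all", "lan"):
            seen, _ = connect(client, snat)
            print(f"{client:>13} snat={snat:<4} server sees {seen:<13} ok={works(client, snat)}")
```

In this model the SNAT rule is only needed for clients inside the LAN, and the rule as posted also rewrites Internet clients, so the web server's access log would show 192.168.1.100 for every request.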
