On Thursday 06 June 2002 9:36 pm, [EMAIL PROTECTED] wrote:

> I'm NAT'ing it also. Should have put these in my first email I guess.
>
> $IPTB -A FORWARD -d 1.2.3.4 -p tcp --dport 3389 -j ACCEPT
>
> $IPTB -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 3389 -j DNAT
> --to 192.168.0.1

Okay, so 1.2.3.4 is your original address, and 192.168.0.1 is what you have after it's been translated...

> $IPTB -t nat -A POSTROUTING -s 192.168.0.1 -d ! 192.168.0.0/24 -j SNAT
> --to 1.2.3.4

Just out of interest, why do you specify this as well ? Does the internal server sometimes initiate connections as well ?

You don't need to have this rule if the internal machine only ever *receives* connections from the outside (eg a web server). The reverse translation gets done automatically for you by netfilter.

> Prerouting before forwarding? So I need to specify 192.168.0.1 as the
> destination in the forward rule?

Yes :-)

Antony.
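
The following is an added example, not part of the original message or of netfilter itself: a simplified Python model of the hook order discussed above, showing why a FORWARD rule matching `-d 1.2.3.4` never fires after DNAT and how the reply is reverse-translated without an SNAT rule. The client address, the default DROP policy on FORWARD, and the class and function names are assumptions made for the illustration.

```python
# Simplified model of the path of a forwarded packet through netfilter:
# nat/PREROUTING (DNAT) -> filter/FORWARD -> delivery, then the reply is
# reverse-translated from the connection-tracking entry.
# Constructed for illustration; this is not how the kernel is implemented.

WAN_IP = "1.2.3.4"        # public address used in the thread
RDP_HOST = "192.168.0.1"  # internal server used in the thread
CLIENT = "203.0.113.7"    # constructed outside client (documentation range)


class Gateway:
    def __init__(self, forward_dst):
        self.forward_dst = forward_dst  # the -d value of the FORWARD ACCEPT rule
        self.conntrack = {}             # (client, client port) -> original destination

    def inbound(self, src, sport, dst, dport):
        """New connection from outside; returns delivered (dst, dport) or None if dropped."""
        orig_dst = dst
        # nat/PREROUTING: -d 1.2.3.4 -p tcp --dport 3389 -j DNAT --to 192.168.0.1
        if dst == WAN_IP and dport == 3389:
            dst = RDP_HOST
        # filter/FORWARD runs after PREROUTING, so it sees the translated address.
        # Assumption: the chain's default policy is DROP.
        if not (dst == self.forward_dst and dport == 3389):
            return None
        self.conntrack[(src, sport)] = orig_dst
        return (dst, dport)

    def reply(self, src, dst, dport):
        """Reply from the internal server; returns the source address the client sees.
        Assumption: reply packets of a tracked connection are allowed through FORWARD."""
        # The DNAT is undone from the tracked entry; no POSTROUTING SNAT rule is involved.
        return self.conntrack.get((dst, dport), src)


def demo():
    """Run the same inbound connection against the original and corrected FORWARD rule."""
    results = {}
    for label, forward_dst in (("original", WAN_IP), ("corrected", RDP_HOST)):
        gw = Gateway(forward_dst)
        delivered = gw.inbound(CLIENT, 40000, WAN_IP, 3389)
        seen = gw.reply(RDP_HOST, CLIENT, 40000) if delivered else None
        results[label] = (delivered, seen)
    return results


if __name__ == "__main__":
    for label, (delivered, seen) in demo().items():
        print(f"{label}: delivered to {delivered}, client sees reply from {seen}")
```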
