Hi guys,

I have some question regarding SNAT / DNAT with iptables. Here is what I do:

1. Set up a packet filter Linux box with 3 interfaces.
   ETH0: Connected to the internet (public IP)
   ETH1: DMZ with SMTP server 10.2.0.0/24
   ETH2: Internal LAN with IP address 10.1.0.0/24
2. SNAT all to the official IP address
3. DNAT all incoming to the SMTP server

See the end of the mail for an iptables -t nat -L.

And now the question :-)

If I do a telnet to mail.mailwatch.com 25 (simulating SMTP), all I get is SYN_SENT, and that is no connection from the DMZ. The packet filter has no problem establishing a connection.

PLEASE explain to me why.

Thanks in advance
Thomas Hilgert

-----------------

Here are the rules to play:

[root@gw1 iproute2]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  anywhere             anywhere            to:10.2.0.2

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere            to:212.23.129.186

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
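An added illustration, not part of Thomas's mail, that models how the nat table in the listing above treats one new connection: a packet arriving on an interface passes through nat PREROUTING, a packet the firewall generates itself passes through nat OUTPUT, and routing runs after DNAT, so a rewritten destination also changes the egress interface. The interface names (eth0/eth1/eth2), the remote MX address and the scoped ruleset shown beside the original one are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

PUBLIC_IP = "212.23.129.186"          # the SNAT target from the listing
SMTP_DMZ = "10.2.0.2"                 # the DNAT target from the listing
REMOTE_MX = "198.51.100.25"           # constructed stand-in for mail.mailwatch.com

@dataclass(frozen=True)
class Packet:
    in_if: Optional[str]              # None: generated by the firewall itself
    src: str
    dst: str
    dport: int

def route(dst):
    """Egress interface for the three networks named in the mail (assumed names)."""
    if ip_address(dst) in ip_network("10.2.0.0/24"):
        return "eth1"
    if ip_address(dst) in ip_network("10.1.0.0/24"):
        return "eth2"
    return "eth0"

def rule(chain, target, to, in_if=None, out_if=None, dst=None, dport=None):
    return dict(chain=chain, target=target, to=to, in_if=in_if, out_if=out_if, dst=dst, dport=dport)

# Rules as listed in the mail: no interface, address or port match at all.
UNSCOPED = [rule("PREROUTING", "DNAT", SMTP_DMZ), rule("POSTROUTING", "SNAT", PUBLIC_IP)]
# Same intent, scoped (assumed fix): only SMTP arriving on eth0 for the public
# address goes to the DMZ host, and only packets leaving via eth0 get the public source.
SCOPED = [rule("PREROUTING", "DNAT", SMTP_DMZ, in_if="eth0", dst=PUBLIC_IP, dport=25),
          rule("POSTROUTING", "SNAT", PUBLIC_IP, out_if="eth0")]

def matches(r, p, out_if):
    checks = {"in_if": p.in_if, "out_if": out_if, "dst": p.dst, "dport": p.dport}
    return all(r[k] is None or r[k] == v for k, v in checks.items())

def nat(p, rules):
    """Apply the nat table to a new connection; returns (translated packet, egress interface)."""
    # Locally generated packets hit nat OUTPUT, never PREROUTING; neither ruleset has OUTPUT rules.
    chain = "OUTPUT" if p.in_if is None else "PREROUTING"
    for r in rules:
        if r["chain"] == chain and r["target"] == "DNAT" and matches(r, p, None):
            p = replace(p, dst=r["to"])
            break
    out_if = route(p.dst)             # routing decision is taken after DNAT
    for r in rules:
        if r["chain"] == "POSTROUTING" and r["target"] == "SNAT" and matches(r, p, out_if):
            p = replace(p, src=r["to"])
            break
    return p, out_if
```

With the unscoped rules, the DMZ host's own SYN toward the remote MX is rewritten to 10.2.0.2 and sent back out the DMZ interface, while the firewall's own SYN (nat OUTPUT, no DNAT) goes out untouched; the unscoped SNAT also replaces every inbound client address with the firewall's, so the SMTP server's logs no longer show who really connected.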
