Please Help on DNAT

Lambert Antoine LOMBE acerfi@iccnet.cm
Sun, 30 Jul 2000 22:46:42 +0100


Please help. My DNAT is not working at all. When I try to get my www or mail server from outside, they are not responding.
I have one internet IP address and wish to build in my lan a web and mail server with private IP addresses. This is what I put in my iptables chains from a script. Note that the local lan interface is eth1 and the outside one is eth0 and that from the local net (192.168.1.0), all is working fine.

LNET=192.168.1.0/24
LPC=209.198.243.17
ANY=0.0.0.0/0
# Flush the filter and nat chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
iptables -t nat -F OUTPUT
# Default policies: accept everything
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P PREROUTING ACCEPT
# Masquerade LAN traffic leaving through the outside interface
iptables -t nat -A POSTROUTING -o eth0 -s $LNET -d $ANY -j MASQUERADE
# Redirect inbound web (80) and mail (25) traffic to the internal servers
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d $LPC -j DNAT --to 192.168.1.2:80
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80 -d $LPC -j DNAT --to 192.168.1.2:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -d $LPC -j DNAT --to 192.168.1.3:25

Please, what is going wrong in my script?
