routing issues?

Matt Hellman mhellman@raccoon.com
Fri, 20 Jul 2001 21:14:20 -0500


> When installing a firewall box I am having problems with getting stuff
> to the DMZ from outside. I <think> that it is a routing problem. I am
> using NAT to translate DMZ servers from private address to real IP.
> Line is
> 
> iptables -t nat -A PREROUTING -d $REAL -j DNAT --to-destination
> $PRIVSER
> iptables -t nat -A POSTROUTING -s $PRIVSER -j SNAT --to-source $REAL

I'm going to assume you have forwarding turned on.
You didn't show us your forwarding rules, and you'll need at least one
to handle the packets after the destination is changed by the first
rule. 
Something like: iptables -A FORWARD -d $PRIVSER -j ACCEPT

> This appears to work correctly in a test situation where I added
> static routes to the "real" ip addresses. Do I need to add a route to
> the router that goes something like, real ip's -> external IP on
> firewall box? I haven't changed router at all. Is currently acting as
> router for class C network.

Assuming your firewall is connected directly to these machines, you
shouldn't need to define static routes (they're local addresses to the
firewall).
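A complete version of the rule set this thread walks through (forwarding enabled, DNAT before routing, a FORWARD rule that matches the post-DNAT address, SNAT on the way out), as an added example that is not code from either poster. The addresses, interface names and port list are assumptions; the script prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example for the thread above: DNAT/SNAT publication of one DMZ host.
# Values below are constructed for illustration (RFC 5737 documentation range).
REAL="203.0.113.10"      # public IP the outside world connects to (assumed)
PRIVSER="192.168.10.5"   # private address of the DMZ server (assumed)
WAN_IF="eth0"            # external interface (assumed)
DMZ_IF="eth1"            # DMZ interface (assumed)
DMZ_PORTS="80 443"       # only the services the DMZ host actually publishes (assumed)

# Print each command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

dmz_rules() {
    # Without forwarding the kernel drops translated packets (the reply's first point).
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination before routing, so the routing decision sends it to the DMZ.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$REAL" \
        -j DNAT --to-destination "$PRIVSER"
    # Rewrite the source of replies so they leave with the public address.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$PRIVSER" \
        -j SNAT --to-source "$REAL"
    # Default-deny forwarding; FORWARD sees the post-DNAT address ($PRIVSER, not $REAL).
    run iptables -P FORWARD DROP
    for p in $DMZ_PORTS; do
        run iptables -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -p tcp -d "$PRIVSER" \
            --dport "$p" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    done
    # Return traffic for connections the rules above already accepted.
    run iptables -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$PRIVSER" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

dmz_rules
```

No static route is needed on the firewall for $PRIVSER as long as the DMZ interface is on that subnet; the router upstream only needs to know that $REAL lives behind the firewall's external address.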