Problems with PREROUTING
Daryl Martin
darylm@tera.engr.mun.ca
Mon, 7 Jan 2002 19:05:21 -0330 (NST)
Rimantas,
In your second rule you are trying to access the local interface
with a destination of your external IP address (this will never be
valid). For this rule to be valid you will have to add the internal IP
insted of the external IP.
iptables -t nat -A PREROUTING -i eth1 -p tcp -d 192.168.1.1 --dport 80 -j
DNAT --to-destination 10.105.105.198:80
That rule should work.
Cheers,
Daryl Martin
Computer Engineering
Memorial Universtiy
darylm@engr.mun.ca
On Mon, 7 Jan 2002, Rimantas Mocevicius wrote:
> Hi folks,
>
>
> I have the Firewall and Web servers.
> I use PREROUTING to forward from external IP to internal IP this command:
>
> iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $EXTERNALIP --dport 80 \
> -j DNAT --to-destination 10.105.105.198:80
> and tried to add this:
> iptables -t nat -A PREROUTING -i $LOCAL_INTERFACE_1 -p tcp -d $EXTERNALIP --dport 80 \
> -j DNAT --to-destination 10.105.105.198:80
>
> Everything works fine except I can't open my web page from internal network.
>
> Any ideas?
>
>
>
> Cheers
>
> Regards
>
> Rimas
>
>