dnatting
Scott
gneamob at yahoo.com
Mon Jul 11 17:24:29 CEST 2005
You may need to install, additionally, a web proxy,
such as squid and tell iptables to use it as a
transparent proxy for all internal machines, like
this:
iptables -t nat -A POSTROUTING -s
192.168.10.0/255.255.255.0 -i ethX -p tcp -m tcp
--dport 80 -j DNAT --to-destination 192.168.10.1:3128
where ethX is the interface on the internal network.
-Scott
--- Payal Rathod <payal-netfilter at scriptkitchen.com>
wrote:
> Hi,
> I have a rule on my friend's broadband connection to
> redirect traffic
> from outside to an internal machine like,
>
> iptables -A PREROUTING -d 1.2.3.4 -p tcp -m tcp
> --dport 80 -j DNAT \
> --to-destination 192.168.10.10:80
>
> But she complained that people from inside the
> network cannot do
> http://1.2.3.4 in their browser and see the site. Is
> she correct?
> What is wrong with my rule because I can see the
> site from outside?
>
> Thanks in advance.
> With warm regards,
> -Payal
>
>
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the netfilter
mailing list