Help!
Sietse van Zanen
sietse at wizdom.nu
Thu Jun 1 14:07:19 CEST 2006
You are doing it exactly as it should be done.
DNAT rules go to PREROUTING CHAIN (as you first want to set the new destination and the do routing)
SNAT rules go to POSTROUTING (usually, as it wouldn't really matter where they go, unless you do source routing).
Ofcourse you will need to ACCEPT the connections in your filter table too.
-Sietse
________________________________
From: netfilter-bounces at lists.netfilter.org on behalf of Stephan Higuti
Sent: Thu 01-Jun-06 13:53
To: netfilter at lists.netfilter.org
Subject: Help!
Hello guys....
I have a question about PREROUTING and POSTROUTING.
I'm making a new firewall script.....
In this script, i put some PREROUTING rules , ex:
####################### Apache ##########################
iptables -t nat -A PREROUTING -d 200.xxx.yyy.zzz -p tcp --dport 80 -j
DNAT --to-destination 192.168.23.7:80
But i need to put some POSTROUTING rules to this?
My situation: My firewall will reply for 4 differents Ip's (reals) ,
one for apache , other for e-mail server, etc............
This PREROUTING rule get a pack that come from internet to a IP "x" ,
and i want that all that incoming to this ip , to be forward to my
internal ip.
So , i think that PREROUTING rules its right... but i dont if i need
to create a POSTROUTING for this.....
Waiting Help....
p.s.:* Sorry for my bad, bad english =D
Cheers
--
---------------------------------------------------------------------
Stephan Higuti
MSN: higutisam at hotmail.com
Email: higuti at fai.com.br
---------------------------------------------------------------------
More information about the netfilter
mailing list