Help!
Stephan Higuti
higuti.sam at gmail.com
Thu Jun 1 14:34:24 CEST 2006
thankz for help guys!
So , its right my rule?
Anyway... look this image:
http://img180.imageshack.us/my.php?image=firewallsemip2ok.jpg
My eth0 reply for 4 reals ip's...
And forward the packs to my servers......... so , PREROUTING its the
right way to do this?
Thank's a lot!
On 6/1/06, Sietse van Zanen <sietse at wizdom.nu> wrote:
> You are doing it exactly as it should be done.
>
> DNAT rules go to PREROUTING CHAIN (as you first want to set the new destination and the do routing)
> SNAT rules go to POSTROUTING (usually, as it wouldn't really matter where they go, unless you do source routing).
>
> Ofcourse you will need to ACCEPT the connections in your filter table too.
>
> -Sietse
>
> ________________________________
>
> From: netfilter-bounces at lists.netfilter.org on behalf of Stephan Higuti
> Sent: Thu 01-Jun-06 13:53
> To: netfilter at lists.netfilter.org
> Subject: Help!
>
>
>
> Hello guys....
> I have a question about PREROUTING and POSTROUTING.
> I'm making a new firewall script.....
> In this script, i put some PREROUTING rules , ex:
>
> ####################### Apache ##########################
> iptables -t nat -A PREROUTING -d 200.xxx.yyy.zzz -p tcp --dport 80 -j
> DNAT --to-destination 192.168.23.7:80
>
> But i need to put some POSTROUTING rules to this?
> My situation: My firewall will reply for 4 differents Ip's (reals) ,
> one for apache , other for e-mail server, etc............
> This PREROUTING rule get a pack that come from internet to a IP "x" ,
> and i want that all that incoming to this ip , to be forward to my
> internal ip.
> So , i think that PREROUTING rules its right... but i dont if i need
> to create a POSTROUTING for this.....
> Waiting Help....
>
> p.s.:* Sorry for my bad, bad english =D
>
> Cheers
>
> --
> ---------------------------------------------------------------------
> Stephan Higuti
> MSN: higutisam at hotmail.com
> Email: higuti at fai.com.br
> ---------------------------------------------------------------------
>
>
>
>
--
---------------------------------------------------------------------
Stephan Higuti
MSN: higutisam at hotmail.com
Email: higuti at fai.com.br
Técnico em Informática
Adm servidores Linux
FAI - Faculdades Adamantinenses Integradas
---------------------------------------------------------------------
More information about the netfilter
mailing list