From: "Rio Martin." <rio@martin.mu>
To: netfilter@lists.netfilter.org
Subject: Re: DNAT question..
Date: Fri, 25 Jul 2003 09:41:05 +0700 [thread overview]
Message-ID: <200307250941.05066.rio@martin.mu> (raw)
In-Reply-To: <Pine.LNX.4.44.0307241510310.20694-100000@localhost>
On Thursday 24 July 2003 21:15, you wrote:
> Hi Federico,
> > I think the problem is in the destination IP address, you have to use
> > the external IP, so i think the rule should be:
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 211.1.1.10
> > --dport 80 -j SNAT --to 192.168.1.1
> I don't think that's true in this case. As far as I know, after the
> destination address has been rewritten in PREROUTING, all subsequent hooks
> (FORWARD and POSTROUTING) will see the new destination address, not the
> original. But please correct me if I'm wrong.
Finally I found the answer to my own problem.. (:
# Rules that handles request to local webserver from outside
iptables -t nat -A PREROUTING -p tcp -d 211.1.1.10 --dport 80 -j DNAT --to
192.168.1.2
# Rules that handles request from local network to local webserver
iptables -t nat -I POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.2 --dport
80 -j SNAT --to 211.1.1.10
Enter both rules, thats it ..
From local or outside i tried to surf http://211.1.1.10 and both request
entered the webserver successfully.
Thanks for everyone helped me specially with " -I POSTROUTING " rules. That
help much ..
Regards,
Rio Martin.
-
"When in doubt, tell the truth."
-- Mark Twain
next prev parent reply other threads:[~2003-07-25 2:41 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3F1FDDFB.469242E1@goyaike.com>
2003-07-24 14:15 ` DNAT question Chris Wilson
2003-07-25 2:41 ` Rio Martin. [this message]
2006-02-14 20:48 dnat question James Edward Stickland
2006-02-15 0:23 ` Edmundo Carmona
-- strict thread matches above, loose matches on Subject: below --
2005-10-07 3:32 Gene Dellinger
2004-06-14 17:05 DNAT question Arnauts, Bert
2004-06-14 14:35 Arnauts, Bert
2004-06-14 14:51 ` Antony Stone
2004-06-14 15:12 ` John A. Sullivan III
2004-06-15 11:40 ` John A. Sullivan III
2004-03-12 2:14 Old Cowhand
2004-02-23 21:23 dnat question John Black
2004-02-24 4:18 ` John A. Sullivan III
2004-02-25 15:48 ` Antony Stone
2004-02-24 8:56 ` Antony Stone
2003-07-24 7:00 DNAT question Rio Martin.
2003-07-24 8:29 ` Philip Craig
2003-07-24 8:56 ` Rio Martin.
2003-07-24 9:42 ` Chris Wilson
2003-07-24 13:37 ` Gonzalez, Federico
2003-07-24 14:16 ` Cedric Blancher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200307250941.05066.rio@martin.mu \
--to=rio@martin.mu \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.