[ILUG] Routing.
Martin Feeney
martin at tuatha.org
Tue Jan 15 18:08:52 GMT 2002
On Tue, 15 Jan 2002 16:41:18 Mark Kilmartin wrote:
> I'm still having the same problem: packets arrive on one interface but
> try to return on another interface (the default route).
Sorry, misread your email. The problem is with your firewall rules.
Are you using iptables or ipchains? What are the rules your firewall
builder churns out for you?
What you need for port forwarding is something like:

    iptables -A PREROUTING -t nat -p tcp -d d.e.f.1 --dport 80 -j DNAT \
        --to 192.168.0.8:80

for iptables.
You can check this via "iptables -t nat -L -n".
It's a little more complicated if you're using ipchains. If you're using
a firewall builder, I'd advise switching to iptables if the firewall
builder supports it.
Essentially you have to exclude port 80 communication from the internal
host being masqueraded by ipchains so that ipmasqadm can pick it up
properly.
iptables is nicer as it's all one mechanism and the PREROUTING chain is
executed before anything else.
Martin.
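
The check mentioned in the message above, taken one step further as an added example (not part of the original post): a script that reads PREROUTING rules in the `iptables -t nat -S PREROUTING` format printed by newer iptables releases and lists every DNAT forward, so you can confirm the port 80 rule is present and see which internal hosts are exposed. The function names and the sample rules are constructed for illustration; 203.0.113.1 stands in for the post's d.e.f.1.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S PREROUTING` output (not from the post).
# 203.0.113.1 is a documentation address standing in for d.e.f.1.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.8:80
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.9:22
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
EOF
}

# list_dnat: read rules on stdin, print "proto dst dport -> target" per DNAT rule.
# Rules with other targets (REDIRECT, ACCEPT, ...) and policy lines are skipped.
list_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = "any"; dst = "any"; dport = "any"; jump = ""; to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "-d") dst = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j") jump = $(i+1)
            else if ($i == "--to-destination" || $i == "--to") to = $(i+1)
        }
        sub(/\/32$/, "", dst)   # show single hosts without the /32 suffix
        if (jump == "DNAT") print proto, dst, dport, "->", to
    }'
}

# has_forward DST DPORT TARGET: exit 0 if a tcp DNAT rule maps DST:DPORT to TARGET.
has_forward() {
    list_dnat | grep -Fqx "tcp $1 $2 -> $3"
}

# On a live gateway (root required): iptables -t nat -S PREROUTING | list_dnat
if [ "${1:-}" = "--demo" ]; then sample_rules | list_dnat; fi
```

Any forward in the listing that you did not expect is an internal service reachable from outside and worth reviewing.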