Hello, I'm having problems with iptables in a particular setup.
I have defined the following interfaces:

eth0      Link encap:Ethernet  HWaddr 00:40:F4:74:52:7F
          inet addr:157.x.x.100  Bcast:157.x.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35403126 errors:50773 dropped:3204 overruns:43088 frame:0
          TX packets:11556310 errors:0 dropped:0 overruns:2 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1389250309 (1.2 GiB)  TX bytes:3291432340 (3.0 GiB)
          Interrupt:10 Base address:0xa000

eth0:1    Link encap:Ethernet  HWaddr 00:40:F4:74:52:7F
          inet addr:157.x.x.9  Bcast:157.x.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xa000

eth0:2    Link encap:Ethernet  HWaddr 00:40:F4:74:52:7F
          inet addr:157.x.x.24  Bcast:157.x.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xa000

eth1      Link encap:Ethernet  HWaddr 00:50:BA:C6:5D:14
          inet addr:10.0.0.254  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11618570 errors:0 dropped:16714 overruns:0 frame:0
          TX packets:33498523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3306224212 (3.0 GiB)  TX bytes:1148042990 (1.0 GiB)
          Interrupt:9 Base address:0x6100

eth1 goes to a switch that has the 10.0.0.0/24 subnet behind it.
The default policy of all tables is accept (for now).

I want to forward all traffic on port 80 on eth0:1 to 10.0.0.75:80
I want to forward all traffic on port 25 on eth0:2 to 10.0.0.76:25
I want to forward all traffic on port 22 on eth0:2 to 10.0.0.76:22

I have run the following rules:

iptables -t nat -A PREROUTING -p tcp -d 157.x.x.9 --dport 80 -j DNAT --to-destination 10.0.0.75:80
iptables -t nat -A POSTROUTING -s 10.0.0.75 -p tcp --source-port 80 -o eth0 -j SNAT --to-source 157.x.x.9

iptables -t nat -A PREROUTING -p tcp -d 157.x.x.24 --dport 25 -j DNAT --to-destination 10.0.0.76:25
iptables -t nat -A POSTROUTING -s 10.0.0.76 -p tcp --source-port 25 -o eth0 -j SNAT --to-source 157.x.x.24

iptables -t nat -A PREROUTING -p tcp -d 157.x.x.24 --dport 22 -j DNAT --to-destination 10.0.0.76:22
iptables -t nat -A POSTROUTING -s 10.0.0.76 -p tcp --source-port 22 -o eth0 -j SNAT --to-source 157.x.x.24

And this works for people outside our local network. But when inside the local LAN it does not work. People can not connect to .9 and .24 from inside the LAN.

I think something is missing, but what?

Thanks in advance

--
Rudy Gevaert [EMAIL PROTECTED]
Web page http://www.webworm.org
GNU/Linux user and Savannah hacker http://savannah.gnu.org
If you haven't got anything nice to say about anybody, come sit next to me.
- Alice Roosevelt Longworth (1884-1980)
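
Added example, not part of the original post: a small Python model of the port-80 DNAT rule above, tracing the reply path for an outside client and for a LAN client, with and without a hairpin SNAT rule on the router. Assumptions: 203.0.113.9 stands in for the redacted 157.x.x.9, the clients 198.51.100.7 and 10.0.0.20 are constructed, LAN hosts use 10.0.0.254 as their gateway, and the SNAT rule shown in the comment is hypothetical and does not appear in the post.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed addresses: 203.0.113.9 stands in for the post's redacted 157.x.x.9.
PUBLIC, SERVER, ROUTER_LAN, LAN = "203.0.113.9", "10.0.0.75", "10.0.0.254", "10.0.0."


class Router:
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # expected reply tuple -> original packet

    def forward(self, pkt):
        out = pkt
        if pkt.dst == PUBLIC and pkt.dport == 80:  # the post's PREROUTING DNAT
            out = out._replace(dst=SERVER)
        # Assumed extra rule (not in the post), roughly:
        #   iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.75
        #     -p tcp --dport 80 -j SNAT --to-source 10.0.0.254
        if self.hairpin_snat and pkt.src.startswith(LAN) and out.dst == SERVER:
            out = out._replace(src=ROUTER_LAN)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Undo NAT on a reply using the connection-tracking entry."""
        orig = self.conntrack[tuple(reply)]
        return Pkt(orig.dst, orig.dport, orig.src, orig.sport)


def connect(client_ip, hairpin_snat):
    """Return (reply as seen by the client, whether the client accepts it)."""
    router = Router(hairpin_snat)
    syn = Pkt(client_ip, 40000, PUBLIC, 80)
    seen = router.forward(syn)
    reply = Pkt(SERVER, 80, seen.src, seen.sport)
    # A destination on the server's own subnet is reached directly through the
    # switch; only the router's address or an off-subnet one goes via the router.
    if not reply.dst.startswith(LAN) or reply.dst == ROUTER_LAN:
        reply = router.reverse(reply)
    accepted = (reply.src, reply.sport, reply.dst) == (PUBLIC, 80, client_ip)
    return reply, accepted


if __name__ == "__main__":
    for ip, snat in [("198.51.100.7", False), ("10.0.0.20", False), ("10.0.0.20", True)]:
        reply, ok = connect(ip, snat)
        print(f"client={ip} hairpin_snat={snat} reply_src={reply.src} accepted={ok}")
```

In the model, the LAN client's reply arrives from 10.0.0.75 instead of the address it connected to, because the server answers a same-subnet source directly and the router never gets to reverse the DNAT.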