Security World: RE: Port forwarding and local firewall connections

Thursday, July 12, 2007

> iptables -t nat -A PREROUTING -i ! $DMZIF -p tcp --dport 80
> -j DNAT --to 192.168.10.2

> iptables -A FORWARD -p tcp -d
> 192.168.10.2 --dport 80 -j ACCEPT

The correspondign SNAT should be:

Iptables -t nat -A POSTROUTING -p tcp -s 192.168.10.2 --sport 80 -o ! $DMZIF
-j SNAT --to-source 10.10.10.12

... Or something like this ;o) man iptables should help.

--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Security World