Thanks, Yang. Sorry if I didn't clarify this point. Yes, all my rules work fine from external connections. But I need this type of access from the firewall...

R

----- Original Message -----
From: "Yang Xiao" <yxiao2004@xxxxxxxxx>
To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Sent: Monday, August 23, 2004 12:03 PM
Subject: Re: iptables - lo interface problem

> On Mon, 23 Aug 2004 11:27:09 -0400, Rodolfo Alcázar
> <rodolfo.alcazar@xxxxxxxxxxxx> wrote:
> > Hi, this is my first post. Greetings to all of you!
> >
> > I have a 3-card (internet, LAN, DMZ) firewall installed. I have configured
> > this rule for users who want to visit my web site:
> >
> > iptables -t nat -A PREROUTING -d 200.80.120.71 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
> > (explained: If an internet user requests http service from 200.87.120.71,
> > the request is redirected to 192.168.1.2 on my DMZ)
> >
> > but when I type "$ lynx www.mysite.org" from my very firewall, I got
> > "Alert!: Unable to connect to remote host.". Obvious. The www.mysite.org DNS
> > entry is related with my own firewall, 200.87.120.71, which has no web
> > server, the request is redirected to 127.0.0.1. Damn! I tried a lot of
> > rules, but I can't find the right one.
> >
> > I explained the problem in a simple way, but the real one is when I run
> > squid or a ppp-dialup server.
> >
> > Which is the right iptables rule? (writing lynx 192.168.1.2 does work, but is
> > NOT the solution!)
> >
> > Rodolfo
> >
> Have you tried from an external connection? Don't test NAT rules on
> the firewall itself!!!
>
> Yang
>
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list