On 01/25/2011 01:13 PM, Jatin K wrote:
> iptables -t nat -A PREROUTING -d xx.xx.xx.xx -t tpc --dport 80 -j DNAT
> --to-destination 192.168.131.131

Ok, assuming your default policy is to drop, I think you'll need this rule:

iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

I'm assuming eth1 is your internal interface (and eth0 your external WAN iface). This rule will allow the responses from your web-server to pass-thru your firewall...

Also, if you leave all like this it won't work as you need to perform "Source NAT or Masquerade" for your 192.168.131.131 ip (if you don't... then it will leave your external interface as coming from 192.168.131.131 which of course is not a valid ip for the internet).

In order for your webserver to send responses to a machine on the internet you need to masquerade its ip. You can do this with this:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.131.0/24 -j MASQUERADE

That is, all traffic that will go out thru eth0, if the source network is 192.168.131.0/24, then change the source ip to that of your eth0 (your WAN ip).

Try that and see if it works.

HTH,
Jorge
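
An added example, not part of the original message: a small audit that reads `iptables-save` style text and reports which of the three rules discussed in this thread (the DNAT rule, the ESTABLISHED,RELATED accept in FORWARD, and the MASQUERADE rule) are absent. The function name `check_port_forward`, the sample ruleset and the placeholder WAN address 203.0.113.10 are assumptions made for illustration; the check tests only that each rule exists in the right table and chain, not that interfaces or addresses match.

```sh
#!/bin/sh
# Reads iptables-save text on stdin. Prints one line per missing rule;
# exit status is 0 only when all three rules are present.
check_port_forward() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" / "*filter" start a table
        $1 != "-A" { next }                     # skip chain policies and COMMIT
        table == "nat" && $2 == "PREROUTING" && /-j DNAT/ && /--to-destination/ { dnat = 1 }
        table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ { masq = 1 }
        table == "filter" && $2 == "FORWARD" && /ESTABLISHED/ && /-j ACCEPT/ { fwd = 1 }
        END {
            if (!dnat) { print "missing: DNAT rule in nat/PREROUTING"; bad = 1 }
            if (!fwd)  { print "missing: ESTABLISHED,RELATED accept in filter/FORWARD"; bad = 1 }
            if (!masq) { print "missing: MASQUERADE rule in nat/POSTROUTING"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample (not real output): DNAT and FORWARD rules are present,
# the MASQUERADE rule has not been added yet.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.131.131
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_port_forward || echo "ruleset incomplete"
```

On a live system the input would come from `iptables-save` run as root, piped into the function.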