On Wednesday 26 January 2011 04:44 AM, Jorge Fábregas wrote:
> On 01/25/2011 01:13 PM, Jatin K wrote:
>> iptables -t nat -A PREROUTING -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT --to-destination 192.168.131.131
> Ok, assuming your default policy is to drop, I think you'll need this rule:
>
> iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> I'm assuming eth1 is your internal interface (and eth0 your external WAN
> iface). This rule will allow the responses from your web-server to
> pass-thru your firewall...
>
> Also, if you leave all like this it won't work as you need to perform
> "Source NAT or Masquerade" for your 192.168.131.131 ip (if you
> don't...then it will leave your external interface as coming from
> 192.168.131.131 which of course is not valid ip for the internet). In
> order for your webserver send responses to a machine on the internet you
> need to masquerade its ip. You can do this with this:
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.131.0/24 -j MASQUERADE

I've not tried this .... thanks for suggestion I will try it and let the list know

> That is, all traffic that will go out thru eth0, if the source network
> is 192.168.131.0/24, then change the source ip to that of your eth0
> (your WAN ip).
>
> Try that and see if works.
>
> HTH,
> Jorge

--
 °v°
/(_)\
 ^ ^
Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$
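
The pieces discussed in this thread (the DNAT rule, the FORWARD accept for replies, and source NAT for 192.168.131.0/24) can be checked against `iptables-save` output. The script below is an added example, not part of the original messages: the function names, the public address 203.0.113.10 and the sample dump are constructed, and it also checks for a FORWARD rule admitting new connections to the DNAT target, which a DROP policy requires as well.

```shell
# Audit an iptables-save dump (stdin) for the pieces of a DNAT port forward.
# Assumption: the rule admitting new connections names the server with -d.
audit_forward() {
  awk '
    /^\*/ { table = substr($0, 2); next }               # "*nat" / "*filter" section
    table == "filter" && /^:FORWARD / { policy = $2 }   # chain default policy
    table == "nat" && /^-A PREROUTING / && / -j DNAT / {
      for (i = 1; i < NF; i++) if ($i == "--to-destination") {
        ip = $(i + 1); sub(/:.*/, "", ip); dnat[ip] = 1; n++
      }
    }
    table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ { snat = 1 }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
      if ($0 ~ /ESTABLISHED/) { est = 1; next }         # reply-path rule
      for (i = 1; i < NF; i++) if ($i == "-d") {
        d = $(i + 1); sub(/\/32$/, "", d); dst[d] = 1
      }
    }
    END {
      if (!n) print "MISSING nat/PREROUTING DNAT rule"
      if (policy != "ACCEPT") {
        if (!est) print "MISSING filter/FORWARD ESTABLISHED,RELATED accept"
        for (ip in dnat) {
          if (!(ip in dst)) print "MISSING filter/FORWARD accept for new connections to " ip
        }
      }
      if (!snat) print "MISSING nat/POSTROUTING MASQUERADE or SNAT"
    }'
}

# Constructed sample dump. With no argument: only the DNAT rule and a DROP
# policy. With "fixed": the thread's rules plus a NEW-connection accept.
sample_dump() {
  printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
    '-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.131.131'
  if [ "${1:-}" = fixed ]; then
    printf '%s\n' '-A POSTROUTING -s 192.168.131.0/24 -o eth0 -j MASQUERADE'
  fi
  printf '%s\n' COMMIT '*filter' ':FORWARD DROP [0:0]'
  if [ "${1:-}" = fixed ]; then
    printf '%s\n' '-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
      '-A FORWARD -d 192.168.131.131/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT'
  fi
  printf '%s\n' COMMIT
}

sample_dump | audit_forward    # on a live gateway: iptables-save | audit_forward
```
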