Static NAT w/ iptables problem
Hello,

I'm trying to set up a firewall to do static NAT between two networks:

    internal network 192.168.1.0/24
    server 192.168.1.3
          |
    LAN_IF 192.168.1.7
    Firewall
    EXT_IF 10.80.137.1, 10.80.137.10
          |
    DMZ 10.80.137.0/24

'server' should be reachable from the DMZ by talking to 10.80.137.1. That address has no other purpose.

My rules so far don't work. I can not reach 'server' by talking to x.x.x.1 on the external IF of the Firewall. Any idea why?

------------------------------------------------
ifconfig eth1 add 10.80.137.1

echo "Clearing current rules ..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# LAN: 192.168.1.0/24
LAN_IF=eth0

# EXT: 10.80.137.0/24
EXT_IF=eth1

# 'server':
EXT_DS=10.80.137.1
DS=192.168.1.195

IPTABLES=/sbin/iptables

# (Connections originating from the DMZ)
$IPTABLES -t nat -A PREROUTING -d $EXT_DS -i $EXT_IF -j DNAT --to-destination $DS
$IPTABLES -A FORWARD -p all -i $EXT_IF -o $LAN_IF -d $DS -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -t filter -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT

# (Connections originating from internal)
$IPTABLES -t nat -A POSTROUTING -s $EXT_DS -o $EXT_IF -j SNAT --to-source $DS
$IPTABLES -A FORWARD -t filter -i $LAN_IF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
------------------------------------------------

Thanks in advance
Markus

---------------------------------------------------------------------------------
Dipl. Inform. Markus Trümper
Daewoo Automobile Deutschland GmbH
Lindenstraße 110
28755 Bremen
Germany
email: m.truemper@daewoo-automobile.de
www: http://www.daewoo-automobile.de
Phone: +49 (0)421 668-4138
Fax: +49 (0)421 668-4192
---------------------------------------------------------------------------------
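Added example (not part of the original post): one way to write a 1:1 static NAT rule set for the addresses in the posted script, with the SNAT rule matching the server's internal address and rewriting it to the external alias, and forwarding limited to the mapped host. The function names and the dry-run IPT wrapper are assumptions of this example; the interface names and addresses are the post's EXT_IF, LAN_IF, EXT_DS and DS values.

```shell
#!/bin/sh
# Added example, not the poster's script.
# Dry-run by default: IPT defaults to "echo iptables", so rules are only printed.
# Run with IPT=/sbin/iptables (as root) to apply them.
IPT=${IPT:-echo iptables}

# forwarding_enabled [FILE]: succeeds if the kernel routes IPv4 packets.
# Without it the firewall drops DNATed packets instead of routing them.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# static_nat EXT_IF LAN_IF EXT_IP INT_IP
static_nat() {
    ext_if=$1 lan_if=$2 ext_ip=$3 int_ip=$4
    # Inbound: packets addressed to the external alias go to the real host.
    $IPT -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -j DNAT --to-destination "$int_ip"
    # Outbound: connections the host opens itself leave with the alias as source.
    # The match (-s) is the real address; --to-source is the external one.
    $IPT -t nat -A POSTROUTING -o "$ext_if" -s "$int_ip" -j SNAT --to-source "$ext_ip"
    # FORWARD sees the post-DNAT destination and the pre-SNAT source.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$ext_if" -o "$lan_if" -d "$int_ip" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$lan_if" -o "$ext_if" -s "$int_ip" -m state --state NEW -j ACCEPT
}

# Values taken from the posted script (EXT_IF, LAN_IF, EXT_DS, DS).
forwarding_enabled || echo "warning: net.ipv4.ip_forward is not 1" >&2
static_nat eth1 eth0 10.80.137.1 192.168.1.195
```

Replies to DNATed connections are translated back by connection tracking, so the SNAT rule only matters for connections the server opens toward the DMZ.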