Helo Martin, helo folks, well that´s problably the fault. I use to try it with a FORWARD rule, but it don´t work. May I do a syntactic fault, but I think it has to be like : $IPTABLES -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -s potsdamerplatz -d IPINTERN --dport FF -j ACCEPT I also try to switch from <<-j MASQUERADE rule>> to <<-j SNAT --to-source MYIP>> I have read: MASQUERADING ins pretty good 4 dynamic IP, I still use static. But it is the same one. :-( Any idea ?? TIA best regards Dirk Ertl T-Systems PCM AG Computing & Desktop Services Business Unit Daimler Chrysler AG / debis Fon: +179/492 63 59 mailto:t-systems.ertl@daimlerchrysler.com mailto:dirk.ertl@t-systems.com Martin.Peikert@discon.de 23.01.2002 13:13 Bitte antworten an Martin.Peikert An: T-Systems Ertl/Extern/040/DCAG/DCX@wk-EMEA2 Kopie: suse-security@suse.com Thema: Re: Antwort: Re: [suse-security] DNAT problems T-Systems.Ertl@daimlerchrysler.com schrieb:
Helo Martin, helo folks,
thanks for your responce.
I can show U the rule:
$IPTABLES -A PREROUTING -t nat -p tcp --dport FF -j DNAT --to-destination IPINTERN
Ok, that's prerouting. Is there a forwarding rule that accepts that traffic? Martin -- martin.peikert@discon.de Discon GmbH Internet Solutions Wrangelstrasse 100 http://www.discon.de/ 10997 Berlin, Germany