[CentOS] DNAT PREROUTING issue with iptables
indunil75 at gmail.com
Tue Sep 25 05:27:34 UTC 2007
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 18.104.22.168/29 is the internet interace of FIRST firewall.
22.214.171.124/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address -
126.96.36.199/29) to the internet ip address ( 188.8.131.52/29) of SECOND firewall.
That firewal DNATs port 25 to mail server @ 192.168.100.3 in DMZ zone.
These are rules I have added.
FIRST firewall (its internet ip address - 184.108.40.206/29) I have addes below
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 220.127.116.11 --dport 25 -j DNAT
That should forward port 25 to SECOND firewall. in SECOND firewall, I have
added 2 below rules.
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 18.104.22.168 --dport 25 -j DNAT
iptables -A FORWARD -p tcp -d 192.168.100.3 --dport 25 -m state --state NEW
Now, it should forward port 25 to mail server @ DMZ Zone.
I think I have added these rules properly. But, It does not work.
I checked from outside world . I telneted to port 25 of first firewaal.
Then, It should forward to mail server @ DMZ zone.
But, no responce.
WHY is that?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS