Barry Brimer wrote:
/sbin/ifconfig eth0:1 $WIN_EXTERNAL_IP netmask $ETH0_NETMASK broadcast $ETH0_BCAST /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $WIN_EXTERNAL_IP --dport 80 -j DNAT --to $WIN_INTERNAL_IP:80 /sbin/iptables -A FORWARD -p tcp -i eth0 -d $WIN_INTERNAL_IP --dport 80 -j ACCEPT
I have this log entry at the bottom of the firewall rules:
/sbin/iptables -A FORWARD -j LOG --log-prefix "FORWARD "
When I try to go to the external IP address http://a.b.c.d from another network, I get an error.
Do you have return POSTROUTING rules in your iptables nat table, have you enabled ip forwarding?
and, have you loaded the IP Connection Tracker module? I believe thats required to properly track connections through the NAT process.
# modprobe ip_conntrack