[CentOS] TCP/IP Port Relay

Thu Apr 24 16:34:55 UTC 2008
Frank M. Ramaekers <FRamaekers at ailife.com>

As was implied before, both interfaces are connected internally (IntrA-net) and before I try the relay with VPN, I'm testing it on another internal computer (just to eliminate any potential VPN problems).

Frank M. Ramaekers Jr.
Systems Programmer                   MCP, MCP+I, MCSE & RHCE
American Income Life Insurance Co.   Phone: (254)761-6649
1200 Wooded Acres Dr.                Fax:   (254)741-5777
Waco, Texas  76710
	

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Vahur Jõesalu
Sent: Thursday, April 24, 2008 11:28 AM
To: CentOS mailing list
Subject: Re: [CentOS] TCP/IP Port Relay

Well, you can't, to the best of my knowledge. And I cannot see the
reason for wanting it. The idea of using -i and -o in the FORWARD chain is
to specify the direction traffic is allowed to go. It could be that the
firewall is blocking all outgoing traffic. Omitting -i and -o would
allow the internal server to initiate traffic to port 23 anywhere on the
internet.

A virtual interface is for assigning additional IPs to the same interface, so
any rules regarding the interface still apply to the whole of the physical
network card.

-vahur


James Pifer wrote:
> On Thu, 2008-04-24 at 17:27 +0300, Vahur Jõesalu wrote:
>> hmm, if I understood you correctly, then this should work just fine (on 
>> linux firewall):
>>
>> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 23 -j DNAT \
>> --to telnetserverip:port-number
>> /sbin/iptables -I FORWARD -i external_interface -o internal_interface \
>> -p tcp -d telnetserverip --dport portnumberontelnetserver -j ACCEPT
>>
>> after a reboot or firewall service restart it's gone again.
>>
>> -vahur
> 
> Sorry to jump in on someone else's thread, but... How do you do this if
> the interface you want to use is a virtual one? Meaning it's eth0:1 for
> example? The -i parameter will not let you use that.
> 
> Thanks,
> James
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
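
An added example, not part of the original thread or any poster's code: a shell function that prints port-relay rules like the ones quoted above, scoped with -i and -d, and that handles an alias name such as eth0:1 by using the physical device for -i/-o and matching the alias address with -d. The interface names, the addresses and the `relay_rules` and `valid_port` helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not execute) scoped iptables rules for a
# TCP port relay. Interface names and addresses are constructed samples.

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# relay_rules IN_IF OUT_IF LISTEN_IP LISTEN_PORT SERVER_IP SERVER_PORT
relay_rules() {
    in_if=$1 out_if=$2 listen_ip=$3 listen_port=$4 server_ip=$5 server_port=$6
    valid_port "$listen_port" && valid_port "$server_port" || {
        echo "relay_rules: invalid port" >&2
        return 1
    }
    # -i/-o match the physical device only, so an alias such as eth0:1 is
    # reduced to eth0 and its address is matched with -d instead.
    in_dev=${in_if%%:*}
    out_dev=${out_if%%:*}
    # Rewrite only traffic that arrived on in_dev for the listening address,
    # so port traffic from other hosts passing through is left alone.
    echo "/sbin/iptables -t nat -I PREROUTING -i $in_dev -d $listen_ip -p tcp --dport $listen_port -j DNAT --to-destination $server_ip:$server_port"
    # FORWARD sees the packet after DNAT, so -d is already the server.
    echo "/sbin/iptables -I FORWARD -i $in_dev -o $out_dev -p tcp -d $server_ip --dport $server_port -j ACCEPT"
    # Return path: only replies on connections that were already accepted.
    echo "/sbin/iptables -I FORWARD -i $out_dev -o $in_dev -p tcp -s $server_ip --sport $server_port -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample: relay port 23 on the alias address to an internal host.
relay_rules eth0:1 eth1 192.0.2.10 23 10.0.0.5 23
```

On CentOS, `service iptables save` writes the running rules to /etc/sysconfig/iptables, so they are still there after the reboot or firewall restart mentioned in the thread.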

