[CentOS] setup firewall with 3 nic cards

Mon May 10 22:27:40 UTC 2010
Dominik Zyla <gavroche at gavroche.pl>

On Mon, May 10, 2010 at 06:10:02PM -0400, Jerry Geis wrote:
> I have a centos box with 3 nics. eth0 is internal, eth1 is T1 data and eth2 is cable data.
> Everything is working on eth2 cable. External NAT is working just fine for eth2.
> However external address 74.x.x.x on eth1 is not working.
> 
> Below is my iptables information.
> 
> I setup eth1 same as eth2 just a different IP address of course. What did I miss that
> eth1 and NAT is not working?
> 
> Just looking for both public IP's incoming to NAT to the correct IP address. Only 1 is working at this time.
> 
> 
> Thanks,
> 
> Jerry
> 
> ---------------
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination         
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255 
> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0           
> ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0           
> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353 
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631 
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25 
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
> 
> 
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination         
> DNAT       tcp  --  0.0.0.0/0            24.123.23.170       tcp dpt:22 to:192.168.1.209:22 
> DNAT       tcp  --  0.0.0.0/0            24.123.23.170       tcp dpt:25 to:192.168.1.209:25 
> DNAT       tcp  --  0.0.0.0/0            24.123.23.170       tcp dpt:80 to:192.168.1.209:80 
> DNAT       tcp  --  0.0.0.0/0            74.223.8.179        tcp dpt:22 to:192.168.1.58:22
> DNAT       tcp  --  0.0.0.0/0            74.223.8.179        tcp dpt:25 to:192.168.1.58:25 
> DNAT       tcp  --  0.0.0.0/0            74.223.8.179        tcp dpt:80 to:192.168.1.58:80 
> 
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination         
> SNAT       all  --  192.168.1.0/24       0.0.0.0/0           to:24.123.23.170 
> SNAT       all  --  0.0.0.0/0            192.168.1.209       to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.209       to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.209       to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.209       to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.209       to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.209       to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.58        to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.58        to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.58        to:192.168.1.1
> SNAT       all  --  0.0.0.0/0            192.168.1.58        to:192.168.1.1
> SNAT       all  --  0.0.0.0/0            192.168.1.58        to:192.168.1.1 
> SNAT       all  --  0.0.0.0/0            192.168.1.58        to:192.168.1.1 
> 
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 24.123.23.168   0.0.0.0         255.255.255.248 U     0      0        0 eth2
> 74.223.8.176    0.0.0.0         255.255.255.240 U     0      0        0 eth1
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
> 0.0.0.0         24.123.23.169   0.0.0.0         UG    0      0        0 eth2

You need to set up source routing on 74.223.8.176 and eth1. Please read
this: http://linux-ip.net/html/adv-multi-internet.html

-- 
Dominik Zyla
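Added example, not from the thread or the linked page: a POSIX shell script that emits the iproute2 commands implementing the source-based policy routing Dominik points at, for the two uplinks in Jerry's routing table. The eth2 address, network and gateway (24.123.23.170, 24.123.23.168/29, 24.123.23.169) and the eth1 address and network (74.223.8.179, 74.223.8.176/28) are taken from the posted output. The eth1 gateway does not appear anywhere in the thread, so ETH1_GW is a placeholder that must be replaced, and the table numbers 10 and 20 are arbitrary. It prints the commands by default and only runs them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): generate the policy-routing commands a
# multi-homed CentOS gateway needs so that traffic sourced from each public
# address leaves through its own uplink.  Dry-run by default; APPLY=1 executes.
#
# Values from the posted routing table / NAT rules:
#   eth2: 24.123.23.170 in 24.123.23.168/29, gateway 24.123.23.169 (default route)
#   eth1: 74.223.8.179  in 74.223.8.176/28
# ASSUMPTION: the eth1 gateway is not shown in the thread.  ETH1_GW is a
# placeholder (first usable address of the /28) and must be replaced.
ETH1_GW=${ETH1_GW:-74.223.8.177}

# policy_route_cmds IFACE LOCAL_IP NETWORK/PREFIX GATEWAY TABLE
# Prints the commands for one uplink: the connected route and a default route
# in a dedicated table, plus a rule that sends packets sourced from LOCAL_IP
# to that table.  Reply packets to connections that arrived on this uplink
# carry LOCAL_IP as source, so they match the rule and leave via this uplink.
policy_route_cmds() {
    iface=$1; local_ip=$2; net=$3; gw=$4; table=$5
    printf 'ip route add %s dev %s src %s table %s\n' "$net" "$iface" "$local_ip" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    printf 'ip rule add from %s table %s\n' "$local_ip" "$table"
}

# all_cmds prints the full set for both uplinks followed by a route-cache
# flush, so the new rules take effect for existing cache entries too.
all_cmds() {
    policy_route_cmds eth2 24.123.23.170 24.123.23.168/29 24.123.23.169 10
    policy_route_cmds eth1 74.223.8.179  74.223.8.176/28  "$ETH1_GW"    20
    echo 'ip route flush cache'
}

# run_cmds applies the commands (root required) when APPLY=1, else prints them.
run_cmds() {
    if [ "${APPLY:-0}" = 1 ]; then
        all_cmds | while IFS= read -r cmd; do
            echo "+ $cmd"
            eval "$cmd"
        done
    else
        all_cmds
    fi
}

run_cmds
```

The main default route via 24.123.23.169 stays in the main table, so locally originated and SNATed traffic keeps using the cable link; only packets sourced from 74.223.8.179 (the DNAT replies for the eth1 services) are steered to table 20. Check the result with `ip rule show`, `ip route show table 20`, and `ip route get <remote-address> from 74.223.8.179 iif eth1`, which should name eth1 and the T1 gateway. CentOS ships with `net.ipv4.conf.*.rp_filter = 1`; the reverse-path check consults the same rules, so with the `from` rules in place inbound packets on eth1 pass it, but if traffic still vanishes silently that sysctl is the first thing to inspect. The commands above are not persistent across reboots; on CentOS they belong in `/etc/sysconfig/network-scripts/route-eth1` (and `rule-eth1` where the installed initscripts support it) or in `/etc/rc.d/rc.local`.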
