[Firewall] Port forwarding and Transparent DNAT question
andy at thebmwz3.co.uk
Mon Nov 5 08:48:35 MST 2007
Cheers for the effort as always :)
Unfortunately not, I modified that line as it initially failed, so trying:
iptables -t nat -A PREROUTING -d 22.214.171.124 -p tcp --dport 25 -j DNAT
Still no luck with that unfortunately.
Arno van Amersfoort wrote:
> And if you try:
> iptables -t nat -A PREROUTING -d 126.96.36.199 --dport 25 -j DNAT
> --to-destination 192.168.55.1:25
> Does this fix the problem?
> If so, I need to update the plugin, so please let me know your findings.
> Andy wrote:
>> Hi all,
>> Having come back to the scripts from using pfsense, due to it being very
>> inflexible and several problems with ipsec VPNs, I'm using these
>> excellent scripts.
>> I do have one query, I'm using the transparent DNAT and cannot quite get
>> it to do what I want.
>> My firewall is on external 188.8.131.52 for example and internal IP 192.168.55.2
>> My LAN server is on 192.168.55.1
>> So my firewall points ports 80, 25 and 143 to 192.168.55.1 via NAT rules.
>> Now, I have added in transparent DNAT as I'd like to be able to connect
>> to 184.108.40.206 port 143 whilst internal to my network. My dnat settings are:
>> I have also tried setting my internal IP to 192.168.55.1 and still no luck.
>> Trying things manually, if I paste a rule:
>> iptables -t nat -A OUTPUT -d 220.127.116.11 -p tcp --dport 25 -j DNAT
>> --to-destination 192.168.55.1:25
>> Then try connecting, I've noticed this in my kernel logs:
>> Nov 4 20:46:17 voyage kernel: NAT: no longer support implicit source
>> local NAT
>> Nov 4 20:46:17 voyage kernel: NAT: packet src 192.168.55.2 -> dst 18.104.22.168
>> Which looks bad, is this something that has changed and causes
>> transparent DNAT not to work anymore with these kernels??
>> Any advice please guys? I'd rather not have to put an internal DNS
>> intercept/hack to solve this problem if at all possible :)