hi i im half way through a compleat overhaul of my network and OS's that are on it meaning everything is backed up and then formated to start from scratch. on my network i have my main server that does everything exept connect to the internet i have a seporate machine that connects to the internet and acts as a proxy which i have set up properly and works axept for iptables

on the machine that connects to the internaet it has 2 interfaces

eth0 - connects the the internet
eth1 - connects to internal network

what i want to do is forward all trafic incoming from the internet on eth0 through eth1 to the ip address 10.20.99.253 (my main server)

i have done this the same way i used to by doing this

iptables -t nat -A PREROUTING -i eth0 -d public-IP -j DNAT --to-destination 10.20.99.253

this used to work and no longer does i have removed all other iptables rules so i know it isnt that. when iptables doesnt have any rules i can ping the machine but when i add the rule i cannot ping at all with this rule i thought it would ping my main server also no other ports work using this rule even though they are all open on my server aswell as my connection machine

as i say this usedto work so i dont know why it no longer does

thanks for any ideas or help

berrance

You need to have a matching POSTROUTING rule to SNAT traffic going out on eth0 to the public ip number.

This is for replies that are not handled by conntrack until the stream has passed a small quantity of traffic, or doesn't go through the proxy..