iptables - lo interface problem

Rodolfo Alcázar rodolfo.alcazar at padep.org.bo
Mon Aug 23 15:27:09 UTC 2004


Hi, this is my first post. Greetings all of you!

I have a 3-card (internet, LAN, DMZ) firewall installed. I have configured
this rule for users who want to visit my web site:

iptables -t nat -A PREROUTING -d 200.80.120.71 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
(explained: If an internet user requests http service from 200.87.120.71,
the request is redirected to 192.168.1.2 on my DMZ)

but when I type "$ lynx www.mysite.org" from my very firewall, I got
"Alert!: Unable to connect to remote host.". Obvious. The www.mysite.org DNS
entry is related with my own firewall, 200.87.120.71, which has no web
server, the request is redirected to 127.0.0.1. Damn! I tried a lot of
rules, but I can't find the right one.

I explained the problem in a simple way, but the real one is when I run
squid or a ppp-dialup server.

Which is the right iptables rule? (writing lynx 192.168.1.2 does work, but is
NOT the solution!)

Rodolfo
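
Added example, not part of the original post: a PREROUTING rule only matches packets that arrive on an interface, while connections opened on the firewall host itself pass through the nat table's OUTPUT chain, so the same DNAT has to be installed there as well. The sketch below generates both rules; the function names and the DRY_RUN variable are assumptions of this example, and the public address is the one given in the post's explanation.

```shell
#!/bin/sh
# Added example (not from the original post).
# nat/PREROUTING: packets arriving from the internet, LAN or DMZ.
# nat/OUTPUT:     packets generated on the firewall (lynx, squid, ...).

# dnat_rules PUBLIC_IP DMZ_IP PORT -> prints one iptables command per chain
dnat_rules() {
    pub=$1; dmz=$2; port=$3
    # Refuse anything that is not a dotted address or a numeric port,
    # because apply_rules later executes the generated lines.
    case $pub$dmz in ''|*[!0-9.]*) echo "bad address" >&2; return 2;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2;; esac
    for chain in PREROUTING OUTPUT; do
        printf 'iptables -t nat -A %s -d %s -p tcp -m tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$chain" "$pub" "$port" "$dmz" "$port"
    done
}

# apply_rules PUBLIC_IP DMZ_IP PORT
# DRY_RUN=1 (default, hypothetical variable) prints the commands;
# DRY_RUN=0 runs them and needs root.
apply_rules() {
    rules=$(dnat_rules "$@") || return
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    while IFS= read -r cmd; do
        $cmd || return 1
    done <<EOF
$rules
EOF
}

# Addresses as given in the post's explanation: public IP -> DMZ web server.
apply_rules 200.87.120.71 192.168.1.2 80
```

After applying with DRY_RUN=0, `iptables -t nat -L OUTPUT -n -v` shows whether the packet counter on the new rule increases when the site is requested from the firewall itself.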