iptables - lo interface problem

Yang Xiao yxiao2004 at gmail.com
Mon Aug 23 16:03:10 UTC 2004

On Mon, 23 Aug 2004 11:27:09 -0400, Rodolfo Alcázar
<rodolfo.alcazar at padep.org.bo> wrote:
> Hi, this is my first post. Greetings all of you!
> I have a 3-card (internet, LAN, DMZ) firewall installed. I have configured
> this rule for users who wants to visit my web site:
> iptables -t nat -A PREROUTING -d -p tcp -m tcp --dport 80 -j
> DNAT --to-destination
> (explained: If a internet users requests http service from,
> the request is redirected to on my DMZ)
> but when I type "$ lynx www.mysite.org" from my very firewall, I got
> "Alert!: Unable to connect to remote host.". Obvious. The www.mysite.org DNS
> entry is related with my own firewall,, which has no web
> server, the request is redirected to Damn! I tried a lot of
> rules, but I can´t find the right one.
> I explained the problem in a simple way, but the real one is when I run
> squid or a ppp-dialup server.
> Which is the right iptables rule? (writing lynx do work, but is
> NOT the solution!)
> Rodolfo
have you tried from an external connection? Don't test NAT rules on
the firewall itself!!!


More information about the users mailing list