On Wed, Feb 04, 2004 at 06:28:03PM +0100, Pony wrote:
I don't have the root password, or rather I don't remember it, but the rule should be something like this (I use it in a classroom):
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/255.255.255.0 -d 192.168.1.9 --destination-port 443 -j SNAT --to-source 192.168.1.5
This is the explanation from the fwbuilder manual:
This situation is described in iptables HOWTO http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.html This problem occurs when machines on internal LAN try to access a server (let's say a web server) which is actually located on the same LAN and NAT'ed through the firewall for external access. If internal users access it by its external NAT'ed address, then they send their TCP packets through the firewall, which translates them and sends them to the server on LAN. Server, however, replies back to the clients directly, because they are on the same network. Since the reply has server's real address in the source, clients do not recognize it and connection cannot be established.

To resolve this problem you need to make NAT rule replace source address of the packet with address of firewall's internal interface. This should happen in addition to the translation of the destination address described in the previous chapters. If the source address of the packet that hits the server belongs to the firewall, the server replies to it; the firewall then translates again before sending the packet back to the client. Client sees the address it expects and connection gets established.

Fortunately Firewall Builder supports this kind of a dual translation NAT rule. The rule #0 in Figure 10-13 does just that: it translates both source and destination address of the packet. Firewall's interface eth0 is internal and is connected to the same subnet the server web server belongs to. For any packet headed for any address of the firewall, TCP port 80, the rule #0 substitutes its source address with the address of interface eth0 and its destination address with the address of web server. The packet reaches the server because its destination address has been changed. This also makes the server reply back to the firewall, which in turn provides reverse translation before it sends these reply packets back to client hosts.
Bye
Pony
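
The dual translation described in the quoted manual text, as an added simulation that is not part of the original message or of Firewall Builder. The server address, firewall address and port come from the rule above; `EXT_IP`, `CLIENT` and source port 40000 are constructed values, and the `Firewall` class is a hypothetical toy model of the nat table, not real netfilter code.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# From the rule in the message: LAN, server, firewall internal address, port.
LAN = ip_network("192.168.1.0/24")
SERVER, FW_INT, PORT = "192.168.1.9", "192.168.1.5", 443
# Constructed for this example: external NAT'ed address and a LAN client.
EXT_IP, CLIENT = "203.0.113.10", "192.168.1.20"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

class Firewall:
    """Toy nat table: DNAT always, SNAT of LAN sources only if hairpin=True."""
    def __init__(self, hairpin):
        self.hairpin = hairpin
        self.conntrack = {}  # expected reply tuple -> original packet

    def forward(self, pkt):
        out = pkt
        if pkt.dst == EXT_IP and pkt.dport == PORT:           # PREROUTING DNAT
            out = replace(out, dst=SERVER)
        if (self.hairpin and out.dst == SERVER and out.dport == PORT
                and ip_address(out.src) in LAN):              # POSTROUTING SNAT
            out = replace(out, src=FW_INT)
        self.conntrack[(out.dst, out.src, out.dport, out.sport)] = pkt
        return out

    def reverse(self, reply):
        # Undo both translations using the tracked connection.
        orig = self.conntrack[(reply.src, reply.dst, reply.sport, reply.dport)]
        return Packet(orig.dst, orig.src, orig.dport, orig.sport)

def connect(hairpin):
    """Return (client accepts reply?, source address the client sees)."""
    fw = Firewall(hairpin)
    syn = Packet(CLIENT, EXT_IP, 40000, PORT)
    at_server = fw.forward(syn)
    reply = Packet(SERVER, at_server.src, PORT, at_server.sport)
    if reply.dst == FW_INT:   # same LAN: only firewall-addressed replies pass it
        reply = fw.reverse(reply)
    # The client only accepts a reply from the address and port it connected to.
    expected = (syn.dst, syn.dport, syn.src, syn.sport)
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == expected
    return accepted, reply.src
```

`connect(False)` models the broken case where the server answers the client directly; `connect(True)` models the case with the SNAT rule in place.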