ronan lopes wrote:
I am having problems using DNAT on a gateway with
external interface ppp0 and internal interface eth1. I have already
set the MTU of eth0 very low (890), but ppp0
only connects with MTU 1492. I would like to reduce this
MTU, because when I use the rule:
iptables -A FORWARD -p tcp -m tcp --tcp-flags \
SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
and
iptables -t nat -I PREROUTING -p tcp --dport 3389 \
-j DNAT --to 10.0.0.7
it does not function!
---------------------------------
Hi
I think, if I remember, you don't need to touch the MTU of eth0... only
ppp0 needs to be set to 1492 or less if using any type of VPN...
I also think, if I remember, that you don't need the iptables rule with
clamp-mss-to-pmtu if you change the MTU manually!
For the DNAT, after the DNAT rule, you need to allow the traffic in the
"filter" table with a rule like this:
iptables -t filter -A FORWARD -p tcp -m state --state NEW \
-i <external interface> -o eth1 -d 10.0.0.7 --dport 3389 -j ACCEPT
I'm sure about this point... after a DNAT, you MUST allow the traffic
in the "filter" table.
Regards
Guillaume
--
Guillaume
E-mail: silencer_<at>_free-4ever_<dot>_net
Blog: http://guillaume.free-4ever.net
----
Site: http://www.free-4ever.net
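
The point made in the reply above (a DNAT rule needs a matching ACCEPT in the FORWARD chain of the "filter" table), as an added example that is not part of the original thread: a shell function that audits `iptables-save` output for DNAT rules lacking such a rule. The function and sample names are hypothetical, the sample dumps are constructed, and only exact host-and-port ACCEPT rules are recognised, so a broader rule that already covers the traffic is reported as MISSING.

```shell
#!/bin/sh
# Added example: audit iptables-save output for DNAT rules with no matching
# FORWARD ACCEPT. Reads the dump on stdin; exit status 1 if any is missing.
check_dnat_forward() {
    awk '
    # Value following option "opt" in the current rule, or "" if absent.
    function arg(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2); next }      # table header: *nat, *filter
    $1 != "-A" { next }                        # skip policies, COMMIT, comments
    table == "nat" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        n = split(arg("--to-destination"), hp, ":")
        port = (n == 2) ? hp[2] : arg("--dport")   # no :port means port unchanged
        want[hp[1] ":" port] = 1
    }
    table == "filter" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        d = arg("-d"); sub(/\/32$/, "", d)     # iptables-save prints hosts as /32
        have[d ":" arg("--dport")] = 1
    }
    END {
        for (k in want) {
            if (k in have) { print "OK " k }
            else { print "MISSING " k; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample dumps (not captured from a real host).
sample_dnat_only() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.0.7
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_dnat_allowed() {
    sample_dnat_only | sed '/RELATED,ESTABLISHED/a\
-A FORWARD -d 10.0.0.7/32 -o eth1 -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT'
}
```

On a live gateway the same check is run as root with `iptables-save | check_dnat_forward`.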