[ale] Stupid question time: PAT vs NAT

Jim Popovitch yahoo at jimpop.com
Tue May 8 13:45:18 EDT 2007


On Tue, 2007-05-08 at 11:04 -0600, JK wrote:
> But not *my* friend, apparently.  I'm wrong about REDIRECT;
> you really need a DNAT rule to do port forwarding, unless you're
> redirecting to a port on the firewall machine itself.  I use
> this all the time; it was looking at the man page that
> confuzzled me :-/

This is one that's been confusing me for some time... I'd like to
eliminate stunnel with the following... but it doesn't work.

  iptables -t nat -A PREROUTING -p tcp -i tap0 -d 192.168.1.1 \
            --dport 587 -j DNAT --to some.other.host:587
  iptables -A FORWARD -p tcp -i tap0 -d 192.168.1.1 --dport 587 \
            -j ACCEPT


-Jim P.
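
Added example, not part of the original post: a dry-run shell helper that prints a DNAT port-forward rule set for the setup described above. The nat PREROUTING hook runs before the filter FORWARD chain, so the FORWARD rule here matches the translated destination rather than 192.168.1.1. The `dnat_rules` function name and the 192.0.2.10 target (a documentation address standing in for some.other.host) are hypothetical, and the optional MASQUERADE rule assumes the target would not otherwise route replies back through this machine.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a DNAT port forward.
# Review the output, then run it as root on the forwarding host.

is_ipv4() {
    # Accept only a numeric dotted quad; the iptables man page documents
    # --to-destination as taking an ipaddr, so host names are refused here.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# usage: dnat_rules IN_IF LISTEN_IP PORT TARGET_IP [masq]
dnat_rules() {
    in_if=$1 listen_ip=$2 port=$3 target_ip=$4 masq=${5:-}
    if ! is_ipv4 "$listen_ip" || ! is_ipv4 "$target_ip"; then
        echo "addresses must be numeric IPv4" >&2
        return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    cat <<EOF
# Forwarding between interfaces must be enabled in the kernel.
sysctl -w net.ipv4.ip_forward=1
# Rewrite the destination before the routing decision.
iptables -t nat -A PREROUTING -i $in_if -p tcp -d $listen_ip --dport $port -j DNAT --to-destination $target_ip:$port
# FORWARD sees the packet after DNAT: match the new destination.
iptables -A FORWARD -i $in_if -p tcp -d $target_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Replies still carry the target's source address when they cross FORWARD.
iptables -A FORWARD -o $in_if -p tcp -s $target_ip --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
    if [ "$masq" = masq ]; then
        cat <<EOF
# Optional: source-NAT so the target sends replies back through this host.
iptables -t nat -A POSTROUTING -p tcp -d $target_ip --dport $port -j MASQUERADE
EOF
    fi
    return 0
}

# Constructed values: tap0 and 192.168.1.1 are from the post, 192.0.2.10 is a placeholder.
dnat_rules tap0 192.168.1.1 587 192.0.2.10
```

Checking `iptables -t nat -L PREROUTING -v -n` and `iptables -L FORWARD -v -n` after a connection attempt shows which of the rules the packet counters actually hit.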







