herbizarre root # iptables -t nat -L -v Chain PREROUTING (policy ACCEPT 101 packets, 19732 bytes) pkts bytes target prot opt in out source destination 4 240 DNAT tcp -- any any anywhere 192.168.126.1 tcp dpt:www to:192.168.254.3 Chain POSTROUTING (policy ACCEPT 37 packets, 2311 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- any eth0 192.168.254.0/24 anywhere 0 0 MASQUERADE all -- any ppp1 192.168.254.0/24 anywhere Chain OUTPUT (policy ACCEPT 19 packets, 1231 bytes) pkts bytes target prot opt in out source destination herbizarre root # iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 101 packets, 19732 bytes) pkts bytes target prot opt in out source destination 4 240 DNAT tcp -- * * 0.0.0.0/0 192.168.126.1 tcp dpt:80 to:192.168.254.3 Chain POSTROUTING (policy ACCEPT 38 packets, 2383 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * eth0 192.168.254.0/24 0.0.0.0/0 0 0 MASQUERADE all -- * ppp1 192.168.254.0/24 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 20 packets, 1303 bytes) pkts bytes target prot opt in out source destination herbizarre root # iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 58232 packets, 32M bytes) pkts bytes target prot opt in out source destination 25 17561 MARK tcp -- * * 192.168.254.3 0.0.0.0/0 tcp spt:80 MARK set 0x1 21185 30M LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 mport ports 80 LOG flags 0 level 4 prefix `NETFILTER: prerouting: ' Chain INPUT (policy ACCEPT 58068 packets, 32M bytes) pkts bytes target prot opt in out source destination 21036 30M LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 mport ports 80 LOG flags 0 level 4 prefix `NETFILTER: input: ' Chain FORWARD (policy ACCEPT 160 packets, 42282 bytes) pkts bytes target prot opt in out source destination 149 41622 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 mport ports 80 LOG flags 0 level 4 prefix `NETFILTER: forward: ' Chain OUTPUT (policy ACCEPT 44628 packets, 3556K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 44788 packets, 3598K bytes) pkts bytes target prot opt in out source destination 9953 552K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 mport ports 80 LOG flags 0 level 4 prefix `NETFILTER: postrouting: ' herbizarre root # iptables -t filter -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination herbizarre root # iptables-save # Generated by iptables-save v1.2.8 on Fri Feb 18 17:57:18 2005 *filter :INPUT ACCEPT [25:1556] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [17:1572] COMMIT # Completed on Fri Feb 18 17:57:18 2005 # Generated by iptables-save v1.2.8 on Fri Feb 18 17:57:18 2005 *mangle :PREROUTING ACCEPT [58328:32433142] :INPUT ACCEPT [58164:32390620] :FORWARD ACCEPT [160:42282] :OUTPUT ACCEPT [44698:3562127] :POSTROUTING ACCEPT [44858:3604409] -A PREROUTING -s 192.168.254.3 -p tcp -m tcp --sport 80 -j MARK --set-mark 0x1 -A PREROUTING -p tcp -m mport --ports www -j LOG --log-prefix "NETFILTER: prerouting: " -A INPUT -p tcp -m mport --ports www -j LOG --log-prefix "NETFILTER: input: " -A FORWARD -p tcp -m mport --ports www -j LOG --log-prefix "NETFILTER: forward: " -A POSTROUTING -p tcp -m mport --ports www -j LOG --log-prefix "NETFILTER: postrouting: " COMMIT # Completed on Fri Feb 18 17:57:18 2005 # Generated by iptables-save v1.2.8 on Fri Feb 18 17:57:18 2005 *nat :PREROUTING ACCEPT [101:19732] :POSTROUTING ACCEPT [38:2383] :OUTPUT ACCEPT [20:1303] -A PREROUTING -d 192.168.126.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.254.3 -A POSTROUTING -s 192.168.254.0/255.255.255.0 -o eth0 -j MASQUERADE -A POSTROUTING -s 192.168.254.0/255.255.255.0 -o ppp1 -j MASQUERADE COMMIT # Completed on Fri Feb 18 17:57:18 2005