> However my iptables logic doesn't seem to add up
> can anyone shed some light on what might be the hang-up?
I've never tried forwarding like this, but I do see problems with your logic.
First, the specific case should come before the general case. So the
stratos rules should come first.
> iptables -A PREROUTING -t nat -p tcp -d ${STRATOS_SERVER} --dport 1723
> -j DNAT --to ${STRATOS_CLIENT}:1723
Next, these stratos rules are saying if the traffic is going to
the stratos server, forward port 1723 to the internal client. What I
think you're trying to say is
    iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 \
        -j DNAT --to ${STRATOS_CLIENT}:1723 -s ${STRATOS_SERVER}
This says if the traffic is coming to you, and it's from stratos,
send it to the stratos client.
Try something like that.
Received on Tue Mar 13 09:10:03 2007
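
The matching and ordering argument in the reply above, as an added example that is not part of the original post: a toy Python model of first-match evaluation in the nat PREROUTING chain. All addresses and the general port-1723 rule are constructed assumptions, since the thread does not show them.

```python
# Toy model of first-match evaluation in the nat PREROUTING chain.
# Every address below is constructed (documentation ranges), not from the thread.
from dataclasses import dataclass
from typing import Optional

OUTSIDE_IP = "203.0.113.10"       # firewall's public address (assumed)
STRATOS_SERVER = "198.51.100.20"  # remote server (assumed)
STRATOS_CLIENT = "192.168.1.50"   # internal client for stratos (assumed)
OTHER_CLIENT = "192.168.1.60"     # target of a hypothetical general rule

@dataclass
class Packet:
    src: str
    dst: str
    dport: int

@dataclass
class DnatRule:
    to: str
    dport: int
    dst: Optional[str] = None  # -d; None means "any"
    src: Optional[str] = None  # -s; None means "any"

    def matches(self, p: Packet) -> bool:
        return (p.dport == self.dport
                and self.dst in (None, p.dst)
                and self.src in (None, p.src))

def prerouting(chain, p):
    """Return the DNAT target of the first matching rule, or None."""
    for rule in chain:      # rules added with -A are checked in order
        if rule.matches(p):
            return rule.to  # DNAT is a terminating target
    return None

# Connection arriving at the firewall from the stratos server.
inbound = Packet(src=STRATOS_SERVER, dst=OUTSIDE_IP, dport=1723)

general = DnatRule(to=OTHER_CLIENT, dport=1723, dst=OUTSIDE_IP)
quoted = DnatRule(to=STRATOS_CLIENT, dport=1723, dst=STRATOS_SERVER)
suggested = DnatRule(to=STRATOS_CLIENT, dport=1723,
                     dst=OUTSIDE_IP, src=STRATOS_SERVER)

# The quoted rule matches on -d STRATOS_SERVER, so inbound traffic misses it.
print("quoted rule only:  ", prerouting([quoted], inbound))
# General rule first: it shadows the specific one.
print("general, suggested:", prerouting([general, suggested], inbound))
# Specific rule first: stratos traffic reaches the stratos client.
print("suggested, general:", prerouting([suggested, general], inbound))
```
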