Hi, I hope this is the right section where I can post my problem.
My network topology is as below:
PC1 ---------- Router ---------- [WAN] Firewall [LAN] ---------- PC2
192.11.1.2     192.11.1.1        192.11.1.11  192.4.200.2        192.4.200.95
I need to create a static route (NAT?) between PC1 and PC2 that are
in 2 different networks. Other PCs in the two networks don't have to
see each other.
The network interface on 192.11.1.11 has name "WAN" and the other one
has name "LAN".
I tried to add some iptables rules:
iptables -t nat -I PREROUTING -d 192.11.1.2 -j DNAT --to 192.4.200.95
iptables -t nat -I POSTROUTING -s 192.4.200.95 -j SNAT --to 192.11.1.2
iptables -I FORWARD -d 192.4.200.95 -p tcp -j ACCEPT
but it doesn't work.
The iptables -L output:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
LOG        all  --  192.4.200.0/24       anywhere             LOG level warning prefix `Spoofed traffic detected: '
ACCEPT     all  --  192.4.200.0/24       anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:www
ACCEPT     all  --  192.11.1.2           anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.4.200.95
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
LOG        udp  --  anywhere             anywhere             udp dpt:465 LOG level warning prefix `grant access 587:UDP'
ACCEPT     udp  --  anywhere             anywhere             udp dpt:465
LOG        tcp  --  anywhere             anywhere             tcp dpt:ssmtp LOG level warning prefix `grant access 587:TCP'
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssmtp
LOG        udp  --  anywhere             anywhere             udp dpt:submission LOG level warning prefix `grant access 587:UDP'
ACCEPT     udp  --  anywhere             anywhere             udp dpt:submission
LOG        tcp  --  anywhere             anywhere             tcp dpt:submission LOG level warning prefix `grant access 587:TCP'
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
LOG        udp  --  anywhere             anywhere             multiport dports imaps:pop3s LOG level warning prefix `grant access 993:995:UDP'
ACCEPT     udp  --  anywhere             anywhere             multiport dports imaps:pop3s
LOG        tcp  --  anywhere             anywhere             multiport dports imaps:pop3s LOG level warning prefix `grant access 993:995:TCP'
ACCEPT     tcp  --  anywhere             anywhere             multiport dports imaps:pop3s

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED
LOG        all  --  anywhere             192.4.200.0/24       LOG level warning prefix `Spoofed traffic detected: '
ACCEPT     all  --  anywhere             192.4.200.0/24
ACCEPT     all  --  anywhere             192.11.1.2
ACCEPT     all  --  anywhere             anywhere

Chain proxy (0 references)
target     prot opt source               destination
I would like to know how I can fix my problem. Thank you very much.
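The rule set the post is asking for, as an added example that is not part of the original post and not the poster's own rules. The posted DNAT rule matches -d 192.11.1.2, which is PC1's own address, so no packet PC1 sends towards the firewall ever hits it, and the posted SNAT rewrites PC2's source to PC1's address, which the WAN side cannot route back. The script below instead maps the firewall's WAN address 1:1 onto PC2 for PC1 only, and admits exactly that pair through FORWARD (whose policy is DROP and which already accepts RELATED,ESTABLISHED). Assumptions: the interface names WAN/LAN and the addresses from the diagram; PC1 reaches PC2 by sending to 192.11.1.11; PC2 either uses 192.4.200.2 as its default gateway or gets replies back via the SNAT line; the `run` wrapper and the `DRY_RUN` switch are hypothetical helpers so the script prints its commands unless run as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values are taken from the
# post's diagram; change them if the real topology differs.
set -u
WAN_IF=${WAN_IF:-WAN}; LAN_IF=${LAN_IF:-LAN}
FW_WAN=192.11.1.11;    FW_LAN=192.4.200.2
PC1=192.11.1.2;        PC2=192.4.200.95

# Hypothetical helper: print the command in dry-run mode (default), execute it
# when DRY_RUN=0 (requires root and iptables on the firewall).
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

fw_rules() {
    # The firewall must route between its two interfaces at all.
    run sysctl -w net.ipv4.ip_forward=1

    # PC1 addresses the firewall's WAN IP; rewrite that destination to PC2
    # before routing. Restricting -s to PC1 keeps other WAN hosts out.
    # (The post's rule matched -d 192.11.1.2, PC1's own address, which never
    # appears as a destination on the WAN side.)
    run iptables -t nat -I PREROUTING -i "$WAN_IF" -s "$PC1" -d "$FW_WAN" \
        -j DNAT --to-destination "$PC2"

    # Only needed if PC2 does not route 192.11.1.0/24 back via the firewall:
    # present PC1 as the firewall's LAN address so replies return here and
    # conntrack undoes the DNAT. Drop this line if PC2's gateway is 192.4.200.2.
    run iptables -t nat -I POSTROUTING -o "$LAN_IF" -s "$PC1" -d "$PC2" \
        -j SNAT --to-source "$FW_LAN"

    # FORWARD policy is DROP and already has a RELATED,ESTABLISHED accept;
    # admit only new flows from PC1 to PC2 (post-DNAT destination), any protocol.
    run iptables -I FORWARD -i "$WAN_IF" -o "$LAN_IF" -s "$PC1" -d "$PC2" \
        -m conntrack --ctstate NEW -j ACCEPT
}

fw_rules
```

Verify with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` while PC1 connects to 192.11.1.11: the packet counters on the DNAT and FORWARD rules must increase, and `tcpdump -ni LAN host 192.4.200.95` shows whether PC2 answers. If NAT is not wanted, the same pair can be joined by pure routing: a route for 192.4.200.95/32 via 192.11.1.11 on PC1 (or on the router), a route for 192.11.1.2/32 via 192.4.200.2 on PC2, and then only the FORWARD rule above is required.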