Hi
I have a simple firewall on Red Hat 9.0. I want all my HTTP requests on eth0 (xx.xx.xx.10) to be forwarded to an internal machine (yy.yy.yy.26); the IP of eth1 is (yy.yy.yy.28). But I am not able to do it.
From this machine I can ping yy.yy.yy.26 or see the HTTP site of the machine.
All others, like masquerading, are running OK.
I am attaching my iptables.
Please help me.
Thanking you
Sanjib gupta


# Generated by iptables-save v1.2.7a on Mon Apr 30 15:08:01 2007
*nat
:PREROUTING ACCEPT [163:15266]
:POSTROUTING ACCEPT [13:780]
:OUTPUT ACCEPT [13:780]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to yy.yy.yy.26:80
-A POSTROUTING -s yy.yy.yy.24/28 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Apr 30 15:08:01 2007
# Generated by iptables-save v1.2.7a on Mon Apr 30 15:08:01 2007
*mangle
:PREROUTING ACCEPT [899:63753]
:INPUT ACCEPT [741:48753]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [683:50009]
:POSTROUTING ACCEPT [683:50009]
COMMIT
# Completed on Mon Apr 30 15:08:01 2007
# Generated by iptables-save v1.2.7a on Mon Apr 30 15:08:01 2007
*filter
:INPUT ACCEPT [741:48753]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [683:50009]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xx.xx.xx.0/28 -d 0/0 -p all -j ACCEPT
-A INPUT -i eth1 -s yy.yy.yy.24/29 -d 0/0 -p all -j ACCEPT
-A FORWARD -i eth1 -p tcp -s yy.yy.yy.24/255.255.255.240 --dport 80 -j ACCEPT
-A FORWARD -i eth1 -p tcp -s yy.yy.yy.26/255.255.255.255 --dport smtp -j ACCEPT
-A FORWARD -i eth1 -p tcp -s yy.yy.yy.24/255.255.255.240 --dport 53 -j ACCEPT
-A FORWARD -i eth1 -p udp -s yy.yy.yy.24/255.255.255.240 --dport 53 -j ACCEPT
COMMIT
# Completed on Mon Apr 30 15:08:01 2007