From: "Mark Ayad"
Subject: RE: Destination NAT Onto the Same Network Problem
Date: Wed, 10 Jul 2002 17:47:45 +0200
Sender: netfilter-admin@lists.samba.org
Message-ID: <009f01c22829$235a3600$0300a8c0@W2KP01>
To: netfilter@lists.samba.org

Sorry everyone, that this is getting quite long ):

I gave

$IPTABLES -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 80 -j DNAT --to 192.168.0.3

a whirl but no joy, although the connection request takes much longer to time out?

So we have

[198.168.0.3] make a request on [198.168.0.1], the gateway, which is MASQ to [a.b.d.c], the ext IP of the firewall. The DNS lookup returns [a.b.d.c], which is Postrouted DNAT mapped to [198.168.0.3].

Am I right in thinking that the source address is that of the gateway [198.168.0.1], which is why I get no response?

echo "   clearing any existing rules and setting default policy.."

# flush existing rules and set default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

# inbound SYNs: accept port 80, drop the rest
$IPTABLES -A INPUT -p tcp --syn --destination-port 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --syn -j DROP

# forwarding between the external and internal interfaces
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

# port 80 published to the internal web server
$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.0.3:80
$IPTABLES -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 80 -j DNAT --to 192.168.0.3

# masquerade everything leaving on the external interface
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"

Where a.b.c.d is the ext IP of the firewall.

Still won't connect from an IP request on 192.168.0.3?

It requires a rule simply to act as a loopback, but first going by the external IP to obtain the external DNS IP, which is a.b.c.d.
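Added example, not part of Mark's message or of netfilter itself: a small Python model of the flow described in the post (a LAN client connecting to the firewall's public address, the PREROUTING DNAT to 192.168.0.3, and the reply path), run once with the posted rules and once with a hairpin SNAT rule in POSTROUTING that the posted script does not contain. The addresses 203.0.113.10 (standing in for a.b.c.d) and 192.168.0.5 (the client) are constructed placeholders, and the SNAT rule quoted in the comment is the usual hairpin fix, assumed here rather than taken from the thread.

```python
from dataclasses import dataclass

# Constructed addresses following the post: the firewall's external IP a.b.c.d is
# written as the placeholder 203.0.113.10; 192.168.0.1 is the gateway's LAN
# address, 192.168.0.3 the web server and 192.168.0.5 a LAN client (placeholder).
EXT_IP, GW_IP, SERVER, CLIENT = "203.0.113.10", "192.168.0.1", "192.168.0.3", "192.168.0.5"
LAN_PREFIX = "192.168.0."

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    dport: int = 80   # only the request's destination port is matched below

def nat_new_connection(pkt, conntrack, hairpin_snat):
    """nat table for the first packet of a flow: PREROUTING DNAT, then POSTROUTING SNAT."""
    orig = pkt
    # -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 80 -j DNAT --to 192.168.0.3
    if pkt.dst == EXT_IP and pkt.dport == 80:
        pkt = Pkt(pkt.src, SERVER, pkt.dport)
    # Hairpin rule assumed here (not in the posted script):
    # -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.3 -p tcp --dport 80 \
    #        -j SNAT --to-source 192.168.0.1
    if hairpin_snat and pkt.src.startswith(LAN_PREFIX) and pkt.dst == SERVER:
        pkt = Pkt(GW_IP, pkt.dst, pkt.dport)
    # conntrack keys the translated flow by the reply tuple so it can be reversed
    conntrack[(pkt.dst, pkt.src)] = orig
    return pkt

def nat_reply(pkt, conntrack):
    """Reverse both translations for a reply that comes back through the firewall."""
    orig = conntrack[(pkt.src, pkt.dst)]
    return Pkt(orig.dst, orig.src, orig.dport)

def lan_client_connects(hairpin_snat):
    """Return (reply the client receives, whether it matches the socket the client opened)."""
    conntrack = {}
    request = Pkt(CLIENT, EXT_IP)                     # client uses the public DNS answer
    seen = nat_new_connection(request, conntrack, hairpin_snat)
    reply = Pkt(seen.dst, seen.src)                   # server answers whoever it saw
    if reply.dst == GW_IP:                            # reply is routed back via the firewall
        reply = nat_reply(reply, conntrack)
    # otherwise server and client share a subnet and the reply bypasses the firewall
    return reply, (reply.src, reply.dst) == (EXT_IP, CLIENT)

if __name__ == "__main__":
    for mode in (False, True):
        reply, ok = lan_client_connects(mode)
        print(f"hairpin SNAT {'on' if mode else 'off'}: reply from {reply.src} -> "
              f"{'accepted' if ok else 'dropped, client expects ' + EXT_IP}")
```

Without the hairpin rule the server sees the client's real LAN address and answers it directly, so the client gets a reply from 192.168.0.3 for a connection it opened to the public address; with it, the reply passes back through the firewall and conntrack restores the public address.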