* 1:1 NAT, DMZ and Masq
@ 2003-02-18 21:00 Tiziano Müller
From: Tiziano Müller @ 2003-02-18 21:00 UTC
  To: netfilter

Hi guys

I apologize for my first message, it was crap.
sorry.

Now, I've a little problem and no idea how to
solve it; I hope someone could give me a hint.

Situation:

Internet -- Firewall 1 -- DMZ -- Firewall 2 -- LAN
                           |-- Webserver = WWW
                           |-- FTP
                           |-- DNS

Now, for the server in the DMZ, I wanted to use a 1:1
NAT, and for the whole rest Masq. So I did the following (for the WWW)
on the Linux router:

10.0.0.4 = DMZ IP WWW; x.x.x.165 = Official IP WWW

ifconfig eth1:1:0 add x.x.x.165
(as described in the NAT HowTo, necessary for the ARP-Packets)

iptables -t nat -A PREROUTING -d x.x.x.165 -j DNAT --to 10.0.0.4
iptables -t nat -A POSTROUTING -s 10.0.0.4 -j SNAT --to x.x.x.165
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

So far it works well from the inside. From outside I can only ping
the WWW and connect with SSH, but not connect via FTP or WWW (the
services are up and running).

Does someone have an idea why this happens? Or a better idea of how to do this?

Thanks very much in advance
Tiziano
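
An added illustration, not part of the original post: a small Python model of first-match traversal of the three nat rules quoted above, showing which translation a new connection receives and why the SNAT rule has to precede MASQUERADE. The 203.0.113.x addresses are constructed stand-ins for the elided x.x.x.165 and for the router's own eth1 address, and eth0 as the DMZ-side interface is an assumption.

```python
from dataclasses import dataclass, replace

PUBLIC_WWW = "203.0.113.165"  # constructed stand-in for x.x.x.165
ROUTER_EXT = "203.0.113.161"  # constructed: router's primary address on eth1
DMZ_WWW = "10.0.0.4"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_if: str = ""  # outgoing interface, only known in POSTROUTING

# The rules from the post, in the order they were appended with -A.
PREROUTING = [({"dst": PUBLIC_WWW}, "DNAT", DMZ_WWW)]
POSTROUTING = [
    ({"src": DMZ_WWW}, "SNAT", PUBLIC_WWW),
    ({"out_if": "eth1"}, "MASQUERADE", ROUTER_EXT),
]

def traverse(chain, pkt):
    """Apply the first matching rule; NAT targets end chain traversal."""
    for match, target, addr in chain:
        if all(getattr(pkt, key) == val for key, val in match.items()):
            field = "dst" if target == "DNAT" else "src"
            return replace(pkt, **{field: addr}), target
    return pkt, None

def translate(src, dst, out_if, postrouting=POSTROUTING):
    """Model the nat table for the first packet of a connection.

    Only nat is modelled; the filter table (FORWARD) is out of scope.
    Returns (src, dst, prerouting_target, postrouting_target).
    """
    pkt, pre = traverse(PREROUTING, Packet(src, dst))
    pkt, post = traverse(postrouting, replace(pkt, out_if=out_if))
    return pkt.src, pkt.dst, pre, post

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed outside host
    cases = [
        ("outside -> public WWW", (client, PUBLIC_WWW, "eth0")),
        ("WWW server -> outside", (DMZ_WWW, client, "eth1")),
        ("other DMZ host -> outside", ("10.0.0.5", client, "eth1")),
    ]
    for label, args in cases:
        print(f"{label:27}", translate(*args))
    # With the two POSTROUTING rules swapped, the 1:1 mapping is lost.
    print("WWW server, rules swapped  ",
          translate(DMZ_WWW, client, "eth1", POSTROUTING[::-1]))
```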

