Re: http access - fixing DNAT port forwarding access from internal networks.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: skydive <skydive@megamail.pt>
To: Damien Mason <damien@suse.net.au>
Cc: netfilter@lists.netfilter.org
Subject: Re: http access - fixing DNAT port forwarding access from internal networks.
Date: Fri, 21 Nov 2003 11:05:14 +0000	[thread overview]
Message-ID: <1069412714.3fbdf16a0caeb@paris-hme1> (raw)
In-Reply-To: <3FBD42BA.4000504@suse.net.au>

Damien:

first of all i'm glad i was clear enough so somebody 
could understand what my problem was!!
thank you for helping and i can say to you that it is 
working just fine, and i guess i'll do the same to my 
stmp server, so i can use absolute domain adresses, 
instead of using a lan domain to access pop and stmp 
server to send and receive mail ;))

thank very much for your time [][]


Cópia Damien Mason <damien@suse.net.au>:

you need an SNAT rule in there too.
>
> iptables -t nat -A POSTROUTING -p tcp --dport
> $PORT -s
> $INTNETWORK/SUBNET -d $INTIPSERVER -j SNAT
> --to-source $INTIPFIREWALL
>
> eg.
> iptables -t nat -A POSTROUTING -p tcp --dport
> 80 -s 192.168.0.0/24 -d
> 192.168.0.1 -j SNAT --to-source 192.168.0.254
> (assuming .254 is your firewall and .1 is your
> webserver)
>
>
> skydive wrote:
>
> >hi all
> >
> >i have been experienced a problem since i'm
> trying to
> >access my web server from my lan through my
> internet ip.
> >
> >i have no problems doing DNAT, from those who
> access my
> >web page form the outside:
> >
> >iptables -A PREROUTING -t nat -i eth0 -p tcp
> --dport 80
> >-j DNAT --to 192.168.0.1:80
> >
> >this is solving the problem
> >
> >let's say my web page has the following
> address
> >www.example.org, and that it is host  [like it
> is ;)) ]
> >in one machine on my lan with the following
> IP:
> >
> >192.168.0.1
> >
> >when i write www.example.org on my web
> browser, it just
> > hits eth1 on my gateway/firewall and stucks
> there.
> >maybe i'm missing something on my prerouting
> rules, or
> >maybe my small brain just can't reach it :)
> >
> >the way i see it, when i put www.example.org
> on my web
> >browser, i send i request to my gateway, and
> it was
> >supposed to take it back to my lan, where the
> site is
> >hosted.
> >
> >not working though...
> >
> >can somebody please help with these missing
> rules?! or
> >is it just something else i'm missing?
> >
> >thanks to those who took the time to ride all
> this
> >garbage and i'm greatfull even if you are not
> able to
> >help whatever your reason is ;)))
> >
> >[][] * * *
> >skydive!
> >
> >-------------------------------------------------
> >Email Enviado utilizando o serviço MegaMail
> >
> >
> >
> >
>
> --
> Damien Mason
> SuSE Systems Specialist
>
> http://www.suse.net.au./
> damien@suse.net.au
>
> SuSE Linux Asia-Pacific Pty Ltd
> Ph: +61 (2) 943 943 94
> Fax:+61 (2) 9437 38 39
>
>
>
> 



skydive!

-------------------------------------------------
Email Enviado utilizando o serviço MegaMail

next prev parent reply	other threads:[~2003-11-21 11:05 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-11-20 21:47 http acces skydive
2003-11-20 22:39 ` http access - fixing DNAT port forwarding access from internal networks Damien Mason
2003-11-21 11:05   ` skydive [this message]
2003-11-20 22:54 ` http acces Antony Stone
2003-11-21 10:47   ` skydive
2003-11-21 11:37     ` Antony Stone
2003-11-21  2:02 ` Josh Berry

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1069412714.3fbdf16a0caeb@paris-hme1 \
    --to=skydive@megamail.pt \
    --cc=damien@suse.net.au \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.