From: Boryan Yotov <yotov@prosyst.com>
To: netfilter@lists.netfilter.org
Subject: Re: FW: Opening connection
Date: Wed, 30 Oct 2002 17:31:58 +0100
Message-ID: <3DC0097E.1020102@prosyst.com>

Hello,

   If I understood your wish clearly, you have the following situation:

   1. Gateway connected to the Internet as well as to your LAN
       - external interface eth0 with IP 1.2.3.4
       - internal interface eth1 with IP 9.9.9.1
   2. Mail server running inside your LAN on IP 9.9.9.2 using the above machine as Internet gateway
   3. Web server again on your local LAN on IP 9.9.9.3 and the same as for your mail server
   (Note) All the values are example ones.

   The firewall rules which you'll need in order for both servers to be visible from the Internet could look like:

   iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 80 -j DNAT --to-destination 9.9.9.3
   iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 443 -j DNAT --to-destination 9.9.9.3

   iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 25 -j DNAT --to-destination 9.9.9.2
   iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 110 -j DNAT --to-destination 9.9.9.2

     (Note) For the external world it'll look like both servers are running on your Gateway.
     And of course using this configuration you don't need to change the routing table. But at least the DNS entries for the mail and web server must point to the external IP of your Gateway.

   One addition - use for example the following rule if you want your LAN to be able to reach the Internet via the above Gateway:

   # Enable IP forwarding
   echo 1 > /proc/sys/net/ipv4/ip_forward
   iptables -t nat -A POSTROUTING -o eth0 -s 9.9.9.0/24 -j SNAT --to-source 1.2.3.4

   where 9.9.9.0 is your LAN and 24 is your LAN's netmask.

Regards :)

MValentin@imsidc.com wrote:

>> Please if anybody can help me. My first Linux 7.2 firewall. How do I setup
>> a connection using NAT for a web and mail server in the LAN. Also, do I
>> have to create entries for the routing table?
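
Added example, not part of the original message: the rules above only touch the nat table, so on a gateway whose FORWARD policy is DROP each forwarded service also needs a filter-table rule, and with a policy of ACCEPT enabling ip_forward forwards everything. The sketch below prints (does not apply) the message's NAT rules with matching FORWARD rules and checks that every DNAT target has one. The default-deny policy, the conntrack matches and the helper names gen_rules and unmatched_dnat are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (does not apply) the message's NAT rules together
# with the filter-table FORWARD rules a default-deny gateway also needs.
# Interfaces and addresses are the example values from the message.
EXT_IF=eth0; INT_IF=eth1; EXT_IP=1.2.3.4; LAN=9.9.9.0/24
# "port:internal-host" pairs, as listed in the message
SERVICES="80:9.9.9.3 443:9.9.9.3 25:9.9.9.2 110:9.9.9.2"

# gen_rules (hypothetical helper): emit the ruleset as iptables commands.
gen_rules() {
    # Assumption: default-deny forwarding; the message does not set a policy.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for svc in $SERVICES; do
        port=${svc%%:*}; host=${svc##*:}
        echo "iptables -t nat -A PREROUTING -p tcp -i $EXT_IF -d $EXT_IP --dport $port -j DNAT --to-destination $host"
        # FORWARD runs after DNAT, so it matches the internal address.
        echo "iptables -A FORWARD -p tcp -i $EXT_IF -o $INT_IF -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # LAN -> Internet: allow new outbound flows, then source-NAT them.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -j SNAT --to-source $EXT_IP"
}

# unmatched_dnat (hypothetical helper): read rule lines on stdin and print
# "host:port" for every DNAT target that has no FORWARD ACCEPT rule.
unmatched_dnat() {
    awk '
    function arg(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    / -j DNAT /                 { dnat[arg("--to-destination") ":" arg("--dport")] = 1 }
    / FORWARD / && / -j ACCEPT/ { ok[arg("-d") ":" arg("--dport")] = 1 }
    END { for (k in dnat) if (!(k in ok)) print k }' | sort
}

gen_rules   # print the ruleset for review before loading it as root
```

Piping a candidate ruleset through unmatched_dnat lists any forwarded port that a DROP policy would silently block.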
