From: Damien Mason <damien@suse.net.au>
To: skydive <skydive@megamail.pt>, netfilter@lists.netfilter.org
Subject: Re: http access - fixing DNAT port forwarding access from internal networks.
Date: Fri, 21 Nov 2003 09:39:54 +1100
Message-ID: <3FBD42BA.4000504@suse.net.au>
In-Reply-To: 1069364822.3fbd3656723b4@roma-hme1

you need an SNAT rule in there too.

iptables -t nat -A POSTROUTING -p tcp --dport $PORT -s $INTNETWORK/SUBNET -d $INTIPSERVER -j SNAT --to-source $INTIPFIREWALL

eg.
iptables -t nat -A POSTROUTING -p tcp --dport 80 -s 192.168.0.0/24 -d 192.168.0.1 -j SNAT --to-source 192.168.0.254
(assuming .254 is your firewall and .1 is your webserver)


skydive wrote:

>hi all
>
>i have been experiencing a problem since i'm trying to
>access my web server from my lan through my internet ip.
>
>i have no problems doing DNAT, for those who access my
>web page from the outside:
>
>iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:80
>
>this is solving the problem
>
>let's say my web page has the following address
>www.example.org, and that it is hosted [like it is ;)) ]
>on one machine on my lan with the following IP:
>
>192.168.0.1
>
>when i write www.example.org on my web browser, it just
>hits eth1 on my gateway/firewall and gets stuck there.
>maybe i'm missing something on my prerouting rules, or
>maybe my small brain just can't reach it :)
>
>the way i see it, when i put www.example.org on my web
>browser, i send a request to my gateway, and it was
>supposed to take it back to my lan, where the site is
>hosted.
>
>not working though...
>
>can somebody please help with these missing rules?! or
>is it just something else i'm missing?
>
>thanks to those who took the time to read all this
>garbage and i'm grateful even if you are not able to
>help whatever your reason is ;)))
>
>[][] * * *
>skydive!
>

-- 
Damien Mason
SuSE Systems Specialist

http://www.suse.net.au./
damien@suse.net.au

SuSE Linux Asia-Pacific Pty Ltd
Ph: +61 (2) 943 943 94
Fax:+61 (2) 9437 38 39
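
Added example, not part of either poster's message: a Python trace of the address rewriting discussed in this thread, showing why a LAN client's connection to the public address fails without the SNAT rule and succeeds with it. The 192.168.0.1 / 192.168.0.254 addresses and eth0 / eth1 come from the thread; `PUBLIC_IP`, `CLIENT` and the `hairpin` function are assumptions made for the illustration. It also models one step beyond the reply: a DNAT rule restricted with `-i eth0` does not match requests that arrive on eth1.

```python
# Added illustration. Addresses 192.168.0.1 / .254 and eth0 / eth1 come from the
# thread; PUBLIC_IP and CLIENT are constructed placeholders.
PUBLIC_IP = "203.0.113.10"      # assumption: firewall's internet-side address
FIREWALL_LAN = "192.168.0.254"  # firewall's LAN address (from the reply)
WEBSERVER = "192.168.0.1"       # web server (from the thread)
CLIENT = "192.168.0.50"         # assumption: a LAN workstation
LAN_IFACE = "eth1"              # LAN requests arrive here (from the question)


def hairpin(dnat_in_iface, snat_rule):
    """Trace a LAN client's connection to PUBLIC_IP:80.

    dnat_in_iface: the -i match of the PREROUTING DNAT rule, or None when the
                   rule matches on the destination address instead.
    snat_rule:     True when the POSTROUTING SNAT rule from the reply is loaded.
    Returns (connected, source_ip_the_server_sees, explanation).
    """
    src = CLIENT

    # PREROUTING: a rule with "-i eth0" never sees packets arriving on eth1.
    if dnat_in_iface not in (None, LAN_IFACE):
        return False, None, "DNAT not applied: packet terminates on the firewall"

    # POSTROUTING: SNAT rewrites the source to the firewall's LAN address.
    if snat_rule:
        src = FIREWALL_LAN
    server_sees = src

    if server_sees == FIREWALL_LAN:
        # The reply returns through the firewall, where connection tracking
        # undoes both translations before the client sees it.
        reply_src = PUBLIC_IP
    else:
        # The client is on the server's own subnet, so the reply bypasses the
        # firewall and still carries the server's real address.
        reply_src = WEBSERVER

    # The client opened its socket to PUBLIC_IP and accepts replies only from it.
    if reply_src != PUBLIC_IP:
        return False, server_sees, "reply from %s matches no client socket" % reply_src
    return True, server_sees, "reply translated back by the firewall"


if __name__ == "__main__":
    for iface, snat in (("eth0", True), (None, False), (None, True)):
        print(iface, snat, hairpin(iface, snat))
```

In the working case the web server sees 192.168.0.254 as the source of every LAN request, so its access log no longer identifies the individual client.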




