From: cc <cc@belfordhk.com>
To: netfilter@lists.netfilter.org
Subject: Re: Reaching internal computers through the external ipaddress inside private network
Date: Thu, 22 Apr 2004 12:47:18 +0800
Message-ID: <40874E56.80503@belfordhk.com>
In-Reply-To: <40850EA0.7090206@dev.null.se>

Christopher Abrahamsson sighed and wrote:

> Hi
>
> I've been trying to solve this problem for quite some time now, but I
> can't really figure out how...
> Here's my current setup:
>                               _ my computer (10.0.0.3)
>                              |
> internet - iptables gateway -|- my server(web, mail etc) (10.0.0.2)
>             (212.181.43.20)  |
>                              |_ a bunch of other computers (10.0.0.x)
>
>
I believe you firstly need to do a NAT prerouting and then after the
forward lines, you need a POSTROUTING NAT command.  Here's my
stab at this, given your situation:


iptables -t nat -A PREROUTING -i eth1 -p tcp -d 212.181.43.20 \
               --dport 80 -j DNAT --to 10.0.0.2

#not too sure if the next line is needed.
iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -p tcp --dst 10.0.0.2 \
           --dport 80 -s 10.0.0.3 -j SNAT --to-source 212.181.43.20

Mind you, I think the last line above, the --to-source should be
pointing to your gateway's internal IP and not the external one.
If your gateway's internal IP is 10.0.0.20, then the above should
be:

iptables -t nat -A POSTROUTING -o eth1 -p tcp --dst 10.0.0.2 \
           --dport 80 -s 10.0.0.3 -j SNAT --to-source 10.0.0.20

Can someone point out if I got the above correct?

Edmund
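
Added example (not part of Edmund's message or of the original thread): a small Python model of the packet flow that the PREROUTING and POSTROUTING rules above set up, showing why DNAT alone fails for a client on the same LAN as the server and what the SNAT rule changes. The addresses are the ones in the post, 10.0.0.20 is the post's hypothetical gateway LAN address, and the source port is constructed.

```python
# Addresses are the ones used in the post; 10.0.0.20 is the post's
# hypothetical LAN address for the gateway. Port 40000 is constructed.
CLIENT, SERVER = "10.0.0.3", "10.0.0.2"
GW_EXT, GW_INT = "212.181.43.20", "10.0.0.20"


def hairpin(snat_to=None, sport=40000):
    """Trace a SYN and its reply; return (reply_path, reply_src_seen, accepted)."""
    # The client's socket only accepts replies from the peer it connected to.
    syn = {"src": CLIENT, "sport": sport, "dst": GW_EXT, "dport": 80}
    expected_peer = (syn["dst"], syn["dport"])

    # Gateway PREROUTING: DNAT rewrites the destination to the server.
    fwd = dict(syn, dst=SERVER)
    # Gateway POSTROUTING: optional SNAT rewrites the source.
    if snat_to is not None:
        fwd["src"] = snat_to
    # Connection tracking remembers how to undo both rewrites on replies.
    conntrack = {(fwd["dst"], fwd["dport"], fwd["src"], fwd["sport"]): syn}

    # The server answers whatever source address it saw.
    reply = {"src": SERVER, "sport": 80, "dst": fwd["src"], "dport": fwd["sport"]}

    if reply["dst"] == CLIENT:
        # Same subnet: the server delivers directly, so the gateway never
        # sees the reply and cannot restore the public source address.
        path = "server->client"
    else:
        # Reply is addressed to the gateway, which reverses the NAT.
        orig = conntrack[(reply["src"], reply["sport"], reply["dst"], reply["dport"])]
        reply = {"src": orig["dst"], "sport": orig["dport"],
                 "dst": orig["src"], "dport": orig["sport"]}
        path = "server->gateway->client"

    accepted = (reply["src"], reply["sport"]) == expected_peer
    return path, reply["src"], accepted


if __name__ == "__main__":
    for label, target in (("DNAT only", None), ("DNAT + SNAT", GW_INT)):
        print(label, hairpin(snat_to=target))
```

On a live gateway the same thing can be observed with tcpdump on the client: without the SNAT rule the SYN-ACK arrives from 10.0.0.2 and is answered with a RST.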


