destination nat onto the same network

destination nat onto the same network

[ro0ot]

Hi all,

I have one webserver inside my LAN but when I try to browse it via the 
hostname (eg. www.example.com) from a workstation inside my LAN, the 
browser can't reach the page.  Why?  From remote (outside), I can browse 
to the website.

Below is a simple diagram of my network: -

INTERNET <-> ROUTER <-> FIREWALL_IPTABLES <-> SWITCH <-> WEBSERVER + 
OTHER_WORKSTATIONS

Here is my simple firewall rules: -

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -t nat -A PREROUTING -i $fwif -p tcp --dport 80 -j DNAT --to 
$webserver_ip

$IPTABLES -t nat -A POSTROUTING -o $fwif -j MASQUERADE

Regards,
ro0ot

Re: destination nat onto the same network

[Antony Stone]

On Thursday 17 June 2004 1:18 pm, ro0ot wrote:

> Hi all,
>
> I have one webserver inside my LAN but when I try to browse it via the
> hostname (eg. www.example.com) from a workstation inside my LAN, the
> browser can't reach the page.  Why?  From remote (outside), I can browse
> to the website.

http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html

The best solution to this is to set up split DNS, so your internal clients get 
the real (private) address, and external clients get the public address, when 
resolving www.example.com.

Regards,

Antony.

-- 
Most people are aware that the Universe is big.

 - Paul Davies, Professor of Theoretical Physics

                                                     Please reply to the list;
                                                           please don't CC me.