From: Tom <tom@tomdp.com>
To: netfilter@lists.netfilter.org
Subject: Re: locally access server behind firewall
Date: Wed, 01 Sep 2004 20:11:35 +0200 [thread overview]
Message-ID: <413610D7.70008@tomdp.com> (raw)
In-Reply-To: <1094061903.2037.112.camel@localhost>
John A. Sullivan III wrote:
>If I understand you correctly, you are trying to connect to the web
>server on the internal network from devices on the internal network.
>That means the packets never pass through the firewall. In that case,
>no additional rules will help you.
>
>
>
Well, I try to connect from a machine on the internal network, but I
don't use the internal IP address of the server. I try to connect using
the external address, which is the public ip address of the firewall. So
I thought the packets would pass the firewall..?
>You could force the traffic to pass through the firewall by placing the
>web server on a physical DMZ (highly preferable if this web server
>allows public access as it appears to - if someone cracks it, they will
>be on your internal network) or on a logical DMZ. To create a logical
>DMZ, simply bind a second address for a separate subnet to the internal
>interface of the firewall and change the web server internal address to
>an address on that new subnet.
>
>
>
That's maybe a good idea... Will try that when I have some more time.
But for the time being, I want to be able to connect to my webserver as
if it were somewhere else on the internet...
>However, I would think the easiest thing to do is configure Apache to
>answer on port 8888. Hope this helps - John
>
>
Then I still need the prerouting-rule, but it will only alter the
destination address and not the port anymore. Would that help you think?
Thanks!
Tom.
next prev parent reply other threads:[~2004-09-01 18:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-01 17:53 locally access server behind firewall Tom
2004-09-01 18:05 ` John A. Sullivan III
2004-09-01 18:11 ` Tom [this message]
2004-09-01 18:08 ` Jason Opperisano
2004-09-01 18:13 ` Deepak Seshadri
2004-09-01 18:17 ` Alistair Tonner
2004-09-01 18:30 ` Tom
-- strict thread matches above, loose matches on Subject: below --
2004-09-01 18:20 Daniel Chemko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=413610D7.70008@tomdp.com \
--to=tom@tomdp.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.