Linux Netfilter discussions
* problems routing
From: Tim @ 2002-06-24 15:43 UTC (permalink / raw)
  To: netfilter

I have a 192.168.100.0 network with my iptables box sitting at
192.168.100.12 and a mailserver at 192.168.100.10 and also with a public ip
and name.

I have several users who are both on the road and work in the office
commonly.

I want to make a rule for them so that when they request mail.cimx.com it
redirects to 192.168.100.10.

I tried to make the following rule:
iptables -t nat -A PREROUTING -p tcp -d $MAIL_IP -j REDIRECT 192.168.100.10
but it seems to not work.

I then changed it to:
iptables -t nat -A PREROUTING -p tcp -d 204.192.102.210 -j LOG
to see the request and I see the request in the logs.

Is there something I am missing?

Thanks in advance.
-- Tim




* Re: problems routing
From: Karl Fischer @ 2002-06-24 15:46 UTC (permalink / raw)
  To: Tim; +Cc: Netfilter mailing list

Tim wrote:
> 
> I have a 192.168.100.0 network with my iptables box sitting at
> 192.168.100.12 and a mailserver at 192.168.100.10 and also with a public ip
> and name.
> 
> I have several users who are both on the road and work in the office
> commonly.
> 
> I want to make a rule for them so that when they request mail.cimx.com it
> redirects to 192.168.100.10.
> 
> I tried to make the following rule:
> iptables -t nat -A PREROUTING -p tcp -d $MAIL_IP -j REDIRECT 192.168.100.10
> but it seems to not work.


You'll have to use DNAT for that:

iptables -t nat -A PREROUTING -p tcp -d $MAIL_IP \
	-j DNAT --to-dest 192.168.100.10

HTH

- Karl



* Re: problems routing
From: Antony Stone @ 2002-06-24 15:59 UTC (permalink / raw)
  To: Netfilter mailing list

On Monday 24 June 2002 4:46 pm, Karl Fischer wrote:

> Tim wrote:
> > I have a 192.168.100.0 network with my iptables box sitting at
> > 192.168.100.12 and a mailserver at 192.168.100.10 and also with a public
> > ip and name.
> >
> > I have several users who are both on the road and work in the office
> > commonly.
> >
> > I want to make a rule for them so that when they request mail.cimx.com it
> > redirects to 192.168.100.10.
> >
> > I tried to make the following rule:
> > iptables -t nat -A PREROUTING -p tcp -d $MAIL_IP -j REDIRECT
> > 192.168.100.10 but it seems to not work.
>
> You'll have to use DNAT for that:
>
> iptables -t nat -A PREROUTING -p tcp -d $MAIL_IP \
> 	-j DNAT --to-dest 192.168.100.10

Be careful that when they're in the office, on the LAN, the server will try 
to reply direct to their machine, which doesn't go back through the firewall 
(local address, not routed), so the reverse SNAT won't get done, and the 
client risks sending a request to 204.192.102.210 and getting a reply from 
192.168.100.10, which will confuse it.

You'll probably need to SNAT the packets too to make sure the replies go back 
through the firewall:

iptables -t nat -A POSTROUTING -p tcp -d 192.168.100.10 -s 192.168.100.0/24 \
	-j SNAT --to 192.168.100.12

 

Antony.
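
Added example (not part of the thread, and not netfilter code): a small Python trace of the exchange described in the message above, showing which source address the client sees on the reply with the DNAT rule alone and with the extra SNAT rule. It assumes the firewall is the default gateway for every LAN host; the client addresses 192.168.100.50 and 198.51.100.7 are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.100.0/24")   # from the thread
FIREWALL = "192.168.100.12"                      # iptables box
MAIL_LAN = "192.168.100.10"                      # mail server on the LAN
MAIL_PUBLIC = "204.192.102.210"                  # address clients connect to


def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def trace(client, snat_lan_clients):
    """Follow one request to MAIL_PUBLIC and its reply.

    Assumption: the firewall is the default gateway of every LAN host,
    so only traffic between two LAN addresses bypasses it.
    """
    src, dst = client, MAIL_PUBLIC
    original = (src, dst)
    dst = MAIL_LAN                       # PREROUTING: DNAT --to-dest
    if snat_lan_clients and on_lan(src):
        src = FIREWALL                   # POSTROUTING: SNAT --to (LAN sources only)
    conntrack = {(dst, src): original}   # reply tuple -> pre-NAT tuple
    server_sees = src

    r_src, r_dst = MAIL_LAN, server_sees  # server answers whoever it saw
    through_firewall = r_dst == FIREWALL or not on_lan(r_dst)
    if through_firewall:                 # conntrack undoes both translations
        o_src, o_dst = conntrack[(r_src, r_dst)]
        r_src, r_dst = o_dst, o_src
    return {
        "server_sees": server_sees,
        "reply_src": r_src,
        # The client's TCP stack only matches a reply from the address it dialled.
        "client_accepts": (r_src, r_dst) == (MAIL_PUBLIC, client),
    }


if __name__ == "__main__":
    office, road = "192.168.100.50", "198.51.100.7"   # constructed clients
    for client in (office, road):
        for snat in (False, True):
            print(client, "snat" if snat else "dnat-only", trace(client, snat))
```

With the SNAT rule in place the mail server sees every office client as 192.168.100.12, so per-client source addresses for LAN users no longer appear in its logs.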


