From: Damien Mason <damien@suse.net.au>
To: skydive <skydive@megamail.pt>, netfilter@lists.netfilter.org
Subject: Re: http access - fixing DNAT port forwarding access from internal networks.
Date: Fri, 21 Nov 2003 09:39:54 +1100 [thread overview]
Message-ID: <3FBD42BA.4000504@suse.net.au> (raw)
In-Reply-To: 1069364822.3fbd3656723b4@roma-hme1
you need an SNAT rule in there too.
iptables -t nat -A POSTROUTING -p tcp --dport $PORT -s
$INTNETWORK/SUBNET -d $INTIPSERVER -j SNAT --to-source $INTIPFIREWALL
eg.
iptables -t nat -A POSTROUTING -p tcp --dport 80 -s 192.168.0.0/24 -d
192.168.0.1 -j SNAT --to-source 192.168.0.254
(assuming .254 is your firewall and .1 is your webserver)
skydive wrote:
>hi all
>
>i have been experienced a problem since i'm trying to
>access my web server from my lan through my internet ip.
>
>i have no problems doing DNAT, from those who access my
>web page form the outside:
>
>iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80
>-j DNAT --to 192.168.0.1:80
>
>this is solving the problem
>
>let's say my web page has the following address
>www.example.org, and that it is host [like it is ;)) ]
>in one machine on my lan with the following IP:
>
>192.168.0.1
>
>when i write www.example.org on my web browser, it just
> hits eth1 on my gateway/firewall and stucks there.
>maybe i'm missing something on my prerouting rules, or
>maybe my small brain just can't reach it :)
>
>the way i see it, when i put www.example.org on my web
>browser, i send i request to my gateway, and it was
>supposed to take it back to my lan, where the site is
>hosted.
>
>not working though...
>
>can somebody please help with these missing rules?! or
>is it just something else i'm missing?
>
>thanks to those who took the time to ride all this
>garbage and i'm greatfull even if you are not able to
>help whatever your reason is ;)))
>
>[][] * * *
>skydive!
>
>-------------------------------------------------
>Email Enviado utilizando o serviço MegaMail
>
>
>
>
--
Damien Mason
SuSE Systems Specialist
http://www.suse.net.au./
damien@suse.net.au
SuSE Linux Asia-Pacific Pty Ltd
Ph: +61 (2) 943 943 94
Fax:+61 (2) 9437 38 39
next prev parent reply other threads:[~2003-11-20 22:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-20 21:47 http acces skydive
2003-11-20 22:39 ` Damien Mason [this message]
2003-11-21 11:05 ` http access - fixing DNAT port forwarding access from internal networks skydive
2003-11-20 22:54 ` http acces Antony Stone
2003-11-21 10:47 ` skydive
2003-11-21 11:37 ` Antony Stone
2003-11-21 2:02 ` Josh Berry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3FBD42BA.4000504@suse.net.au \
--to=damien@suse.net.au \
--cc=netfilter@lists.netfilter.org \
--cc=skydive@megamail.pt \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox