Michelle Konzack wrote:
> On 2006-01-29 12:45:09, hanasaki wrote:
> > The goal is to have an internal webserver:
> > - DONE - running on a high numbered port
> > - DONE - firewall forwards 80->7777 on webserver
> > - DONE - external hits on www.blah.com served by the httpserver
> > - ???? - internal/intranet also can hit the webserver as www.blah.com
> >
> > The problem is that www.blah.com resolves to the external internet IP and then gets routed out of the firewall which does not come back in and
>
> This is a problem with DNS-Loop-Back. Please search Google for it. The solution is to add an entry for the Webserver to your /etc/hosts.
>
> Greetings
> Michelle Konzack
> Systemadministrator
> Tamay Dogan Network
> Debian GNU/Linux Consultant

If everything is on the same LAN using the same firewall you can do like this to route the packets correctly:

Note I placed commonly known IPs in here -- not ours -- just so you have something to ref.

# NAT into individual hosts; firewalled by FORWARD rules defined in this
# configuration earlier (not included in this snippet).
# PREROUTING: -d is the public IP of the webserver,
# --to-dest is the private IP address of said server.
-A PREROUTING -d 128.101.101.101 -j DNAT --to-dest 192.168.2.2

# Fix up NAT from internal hosts.
# POSTROUTING: -s is the LAN subnet, -d is the LAN IP of the web server,
# --to-source is the IP of the gateway (firewall).
-A POSTROUTING -s 192.168.2.0/24 -d 192.168.2.2/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.2.254

Hope this helps!

Matt
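
The two rules above, modelled as an added Python example (not part of the original message): it traces an intranet request to the public IP with and without the POSTROUTING SNAT rule and shows why the reply is only accepted when the SNAT is present. The client address 192.168.2.50 and all function names are assumptions made for the illustration.

```python
import ipaddress
from typing import NamedTuple

# Addresses from the rules in the message; CLIENT is a constructed LAN host.
LAN = ipaddress.ip_network("192.168.2.0/24")
PUBLIC_IP, WEB_IP = "128.101.101.101", "192.168.2.2"
GATEWAY_IP, CLIENT = "192.168.2.254", "192.168.2.50"


class Packet(NamedTuple):
    src: str
    dst: str


def firewall_forward(pkt, hairpin_snat, conntrack):
    """Apply the PREROUTING DNAT and, optionally, the POSTROUTING SNAT."""
    out = pkt
    if out.dst == PUBLIC_IP:  # -A PREROUTING ... -j DNAT
        out = out._replace(dst=WEB_IP)
    from_lan = ipaddress.ip_address(out.src) in LAN
    if hairpin_snat and from_lan and out.dst == WEB_IP:  # -A POSTROUTING ... -j SNAT
        out = out._replace(src=GATEWAY_IP)
    # Remember how to reverse the translation for the matching reply.
    conntrack[Packet(out.dst, out.src)] = Packet(pkt.dst, pkt.src)
    return out


def intranet_request(hairpin_snat):
    """Return (reply as seen by the client, whether the client accepts it)."""
    conntrack = {}
    at_server = firewall_forward(Packet(CLIENT, PUBLIC_IP), hairpin_snat, conntrack)
    reply = Packet(at_server.dst, at_server.src)  # server answers the source it saw
    if ipaddress.ip_address(reply.dst) in LAN and reply.dst != GATEWAY_IP:
        seen = reply  # same subnet: delivered directly, firewall never un-NATs it
    else:
        seen = conntrack[reply]  # goes back via the firewall, NAT is reversed
    # The client's socket only accepts replies from the address it connected to.
    return seen, seen == Packet(PUBLIC_IP, CLIENT)


if __name__ == "__main__":
    for snat in (False, True):
        seen, ok = intranet_request(snat)
        print(f"hairpin SNAT={snat}: client sees reply from {seen.src}, accepted={ok}")
```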