* Jan Luehr (jan@kabelwelt-shop.de) [060130 06:32]:
> Hello
>
> On Sunday, 29 January 2006 19:45, hanasaki wrote:
> > The goal is to have an internal webserver:
> > - DONE - running on a high-numbered port
> > - DONE - firewall forwards 80->7777 on webserver
> > - DONE - external hits on www.blah.com served by the httpserver
> > - ???? - internal/intranet also can hit the webserver as www.blah.com
> >
> > The problem is that www.blah.com resolves to the external internet IP
> > and then gets routed out of the firewall, which does not come back in and
> > get forwarded to the internal webserver. It would be ideal if internal
> > web browser hits went straight to the internal server.
> >
> > What iptables rule can be put on the firewall so that internal port 80
> > traffic going to the external NIC on port 80 comes back to the internal
> > webserver on port 7777?
>
> iptables -t nat -A PREROUTING -s LOCAL-NETWORK -d $EXTERNAL_IP -p tcp --dport
> 80 -j DNAT --to-destination $LOCALIP:7777

This will only work if the firewall box is a router between the web server and the rest of the intranet. This will typically be the case in a 3-NIC DMZ setup, but not in a 2-NIC NAT setup.

Do you run a DNS server? You may want to set it up so that internal clients resolve the web server's name to an internal address, and then have a port redirection rule (80->7777) on the web server itself. I think that will be the easiest thing to set up.

good times,
Vineet
-- 
http://www.doorstop.net/
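The rules from the two replies written out as one small script, as an added example that is not part of the thread. It covers Jan's DNAT rule for internal clients, the MASQUERADE rule that the 2-NIC case additionally needs (without it the web server answers the client directly from its own address, the client sees a reply from the wrong IP and resets the connection, which is the failure Vineet alludes to), and Vineet's alternative of a REDIRECT rule on the web server itself once internal DNS hands out the internal address. All addresses, interface names and variable names are assumed placeholders, and DRY_RUN=1 (the default) only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interfaces are assumed
# placeholders; override them through the environment. Needs root to apply.
EXT_IF="${EXT_IF:-eth0}"                 # firewall's outside NIC
EXT_IP="${EXT_IP:-203.0.113.10}"         # public IP that www.blah.com resolves to
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # intranet
WEB_IP="${WEB_IP:-192.168.1.20}"         # internal web server
WEB_PORT="${WEB_PORT:-7777}"             # high port the httpd listens on
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print the rules, 0 = apply them

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Firewall: external clients, port 80 -> WEB_IP:WEB_PORT (the part already done).
external_dnat() {
    ipt -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT"
}

# Firewall: Jan's rule. Internal clients that resolved www.blah.com to the
# public IP get redirected to the internal server before routing.
internal_dnat() {
    ipt -t nat -A PREROUTING -s "$LAN_NET" -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT"
}

# Firewall, 2-NIC case: client and server share a subnet, so after DNAT the
# server would reply to the client directly from WEB_IP while the client
# expects EXT_IP. Masquerading the source (only for DNATed flows) makes the
# server reply to the firewall, which then reverses both translations.
hairpin_snat() {
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -d "$WEB_IP" -p tcp --dport "$WEB_PORT" \
        -m conntrack --ctstate DNAT -j MASQUERADE
}

# Firewall: let the translated flows through when the FORWARD policy is DROP.
forward_accept() {
    ipt -A FORWARD -d "$WEB_IP" -p tcp --dport "$WEB_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -s "$WEB_IP" -p tcp --sport "$WEB_PORT" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Web server (Vineet's alternative): internal DNS answers WEB_IP for
# www.blah.com, and the server maps port 80 to the high port locally.
webserver_redirect() {
    ipt -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports "$WEB_PORT"
}

firewall_rules() {
    external_dnat
    internal_dnat
    hairpin_snat
    forward_accept
}

# Usage: RUN_ROLE=firewall DRY_RUN=0 sh hairpin.sh   (on the firewall)
#        RUN_ROLE=webserver DRY_RUN=0 sh hairpin.sh  (on the web server)
if [ "${RUN_ROLE:-}" = firewall ]; then firewall_rules; fi
if [ "${RUN_ROLE:-}" = webserver ]; then webserver_redirect; fi
```

The `--ctstate DNAT` qualifier on the MASQUERADE rule keeps ordinary LAN traffic that already targets WEB_IP:7777 directly from being masqueraded, so the web server's logs keep the real client address for those connections; only the hairpinned connections show up as coming from the firewall, which is the price of the 2-NIC workaround and the reason the split-DNS approach is cleaner where a DNS server is available.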