
Internal access for NAT



I have an external IP 12.34.56.78 NATed to 172.16.2.2, but when another
workstation behind the firewall tries to connect to 12.34.56.78 it is
unable to connect. Here is my little NAT:

$IPTABLES -I PREROUTING -p tcp -t nat -d 12.34.56.78 --dport 80 -j DNAT --to 172.16.2.2:80
$IPTABLES -I PREROUTING -p tcp -t nat -d 12.34.56.78 --dport 443 -j DNAT --to 172.16.2.2:443
$IPTABLES -I FORWARD -p tcp -i eth0 -d 172.16.3.6 -m state --state NEW -j ACCEPT
$IPTABLES -I FORWARD -p tcp -o eth1 -d 12.34.56.78 -m state --state NEW -j ACCEPT


What do I have to add to get an internal machine to access 12.34.56.78
directly?
Some answers to obvious questions:
Forward NAT works: I can connect from the outside to 12.34.56.78:80.
Internal access to the internal IP works: I can connect to 172.16.2.2:80.

Thanks for your help.

-Ryan

