RE: iptables problem getting url's hosted inside
This works for me.
Firewall internal ip : 192.168.1.1
Webserver internal ip : 192.168.1.10
Internal class c subnet 192.168.1.0/24
Ports to connect to : tcp 21,80,443
iptables -t nat -A POSTROUTING -p tcp -m multiport -d 192.168.1.10 \
  -s 192.168.1.0/24 --dports 21,80,443 -j SNAT --to 192.168.1.1
From: charlie [mailto:firstname.lastname@example.org]
Sent: Tuesday, May 18, 2004 5:59 PM
Cc: Debian Firewall - LIST
Subject: Re: iptables problem getting url's hosted inside
Do you have an internal DNS server? If you do, you can avoid the ugly
NAT approach and simply assign the domain name the internal IP.
external clients get external ip, internal clients get internal ip.
On Tue, 2004-05-18 at 22:00, hanasaki wrote:
> external internet - firewall - internal web server
> internet traffic on port 80 is passed to the internal web server
> external internet based browsers can hit the server
> internal based browsers cannot
> What iptables runs are needed to let the internal browsers hit the
> internal server with the external IP
> now external users can hit the server with www.domain.com
> internal users get connection refused
> internal and external users get the same IP from "host www.domain.com"
> charlie wrote:
> > some more details?
> > -network structure
> > -iptables rules
> > On Tue, 2004-05-18 at 14:02, hanasaki wrote:
> >>I have a box hosted inside the firewall. The firewall is passing
> >>external traffic to it fine. When an internal box tries to hit the
> >>external ip, that should loop back inside, connections fail.
> >>sites can be loaded fine.
> >>What can cause this and how can it be resolved?
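Added example, not part of the original thread: a small Python model of the packet path that shows why internal clients fail without the SNAT rule posted above and succeed with it. The public address 203.0.113.5, the client 192.168.1.50 and the existence of a DNAT port-forward on the firewall are assumptions; the other addresses and ports are the ones given in the thread.

```python
from ipaddress import ip_address, ip_network

# Addresses from the thread; PUBLIC_IP and CLIENT are assumed sample values.
FIREWALL = "192.168.1.1"
SERVER = "192.168.1.10"
LAN = ip_network("192.168.1.0/24")
PORTS = {21, 80, 443}
PUBLIC_IP = "203.0.113.5"   # assumed external address (documentation range)
CLIENT = "192.168.1.50"     # assumed internal browser


def firewall_forward(src, dst, dport, snat_enabled):
    """Model PREROUTING DNAT, then optionally the thread's POSTROUTING SNAT."""
    if dst == PUBLIC_IP and dport in PORTS:
        dst = SERVER                      # DNAT port-forward (assumed to exist)
    if (snat_enabled and dst == SERVER and dport in PORTS
            and ip_address(src) in LAN):
        src = FIREWALL                    # the SNAT rule from the thread
    return src, dst


def reply_source_seen_by_client(snat_enabled, dport=80):
    """Return the source address of the server's reply as the client sees it."""
    src, dst = firewall_forward(CLIENT, PUBLIC_IP, dport, snat_enabled)
    reply_to = src                        # server answers the source it saw
    if reply_to == FIREWALL:
        # Reply returns through the firewall, where connection tracking
        # reverses both translations: the client sees PUBLIC_IP again.
        return PUBLIC_IP
    # reply_to is on the server's own subnet, so the reply is delivered
    # directly on the LAN and never passes the firewall: source stays SERVER.
    return dst


def connection_works(snat_enabled, dport=80):
    """A client only accepts replies from the address it connected to."""
    return reply_source_seen_by_client(snat_enabled, dport) == PUBLIC_IP


if __name__ == "__main__":
    for enabled in (False, True):
        print("SNAT", enabled, "-> reply from",
              reply_source_seen_by_client(enabled),
              "| works:", connection_works(enabled))
```

With the SNAT rule in place the web server logs 192.168.1.1 as the source of every internal request, so per-client attribution for LAN users has to come from the firewall's own logs.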