
Re: NAT iptables routing issue, flamewar solution.



for debian-www@lists.debian.org
> Does anyone have a Debian Firewall site?
> We may wish to have a HOWTO and FAQ about this subject.  There are lots of
> info and security issues that could populate this site.  I would be
> willing to select what info should be on this site, correct wording, and
> alert web staff of problems.  This would mainly consist of copying the
> list so that the info can easily be changed without everyone having to
> update their links.

This topic affects many ppl and has several working solutions.  It's clear
that no one solution will ever win and that Debian should directly support
these configs.

1. There should be a HOWTO and FAQ instead of flames on this list, simply
because no one person is an expert on every solution.  It's simpler to say
RTFH and provide a URL than to re-explain how a NIC (22nd century wheel)
works.
Does anyone have a Debian Firewall site (debian-www@lists.debian.org)?
Maybe this can exist as a posting in the Archives; this would be harder to
edit or maintain?

2. This means that helper programs that set up NAT should allow the user to
choose what solution he is willing to use (as a wishlist bug).  Any NAT
helper that simply leaves this broken setup has a bug (normal or greater)
that needs fixing.

--- Caveman <biocorporation-1@optusnet.com.au> wrote:
> Hi all,
>
> I have a slight problem I am not sure how to get around.
> Firstly let me draw you a picture. I have computer 'A' which is directly
> connected to the internet and is the ONLY computer to have an internet IP.
> It routes (via nat) traffic from clients on the lan to the internet etc.
>
> Now on box 'B' I have a webserver running and I have forwarded (using
> prerouting) port 80 to box 'B''s LOCAL IP. This works fine for people outside
> my network (i.e., the internet) but I can't access the webserver by using the
> internet IP from the lan. It's never been a big issue, but I have finally
> decided that I need to work out how to fix this.
>
> Any ideas? The below code is my NAT and prerouting stuff I have set up. I know
> that the postrouting rule I have now is what's causing the issue, but I am
> unsure as to how I should get around this.
>
>
> Thanks.
>
> Caveman
>
> -----------------------------------
> #NOTE eth0 is connected to the internet, eth1 is lan.
> # flush any old rules
> $IPTABLES -F -t nat
> # turn on POSTROUTING
> $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
> #forward port 80 from INTERNET IP connections to 192.168.0.2 port 80
> $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 10.1.1.2:80
> ------------------------------------------------------------
> 


	
		
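One common way to handle the case in the quoted message (LAN clients reaching the web server through the gateway's public address) is a "hairpin" pair of NAT rules. This is an added example, not code from any message in this thread; the public address 203.0.113.10 and the LAN range 10.1.1.0/24 are constructed assumptions (a static public address is assumed), while eth1 and 10.1.1.2:80 come from the quoted rules.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: prints the rules, applies nothing.
# Assumed/constructed: WAN address 203.0.113.10, LAN range 10.1.1.0/24.
# From the quoted rules: eth1 is the LAN interface, server is 10.1.1.2:80.
IPTABLES="${IPTABLES:-iptables}"

# hairpin_rules WAN_IP LAN_IF LAN_NET SERVER_IP PORT
hairpin_rules() {
    wan_ip=$1; lan_if=$2; lan_net=$3; server=$4; port=$5

    # Reject anything that is not a TCP port number before it reaches a rule.
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # 1. The quoted DNAT rule matches only -i eth0, so packets from the LAN
    #    addressed to the public IP are never rewritten. Add a DNAT for
    #    traffic arriving on the LAN interface, limited to the LAN range,
    #    the public address and the single forwarded port.
    echo "$IPTABLES -t nat -A PREROUTING -i $lan_if -s $lan_net -d $wan_ip" \
         "-p tcp --dport $port -j DNAT --to-destination $server:$port"

    # 2. Without this, the server answers the LAN client directly and the
    #    client drops the reply (it expected it from the public IP). Rewriting
    #    the source forces replies back through the gateway.
    #    Caveat: the web server's logs then show the gateway's LAN address
    #    for every internal client, so per-client attribution is lost there.
    echo "$IPTABLES -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $server" \
         "-p tcp --dport $port -j MASQUERADE"
}

# If the FORWARD chain defaults to DROP, traffic entering and leaving on the
# LAN interface must also be accepted there (not shown).
hairpin_rules 203.0.113.10 eth1 10.1.1.0/24 10.1.1.2 80
```

Review the printed rules, then pipe the output to `sh` as root on the gateway to apply them.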


