
Re: NAT iptables routing issue



On Thu, 2004-07-08 at 14:13, Caveman wrote:
> Hi all,
> 
> I have a slight problem I am not sure how to get around.
> Firstly let me draw you a picture. I have computer 'A' which is directly 
> connected to the internet and is the ONLY computer to have an internet IP. 
> It routes (via NAT) traffic from clients on the LAN to the internet etc.
> 
> Now on box 'B' I have a webserver running and I have forwarded (using 
> prerouting) port 80 to box 'B''s LOCAL IP. This works fine for people outside 
> my network (i.e., the internet) but I can't access the webserver by using the 
> internet IP from the LAN. It's never been a big issue, but I have finally 
> decided that I need to work out how to fix this.
> 
> Any ideas? The below code is my NAT and prerouting stuff I have set up. I know 
> that the postrouting rule I have now is what's causing the issue, but I am 
> unsure as to how I should get around this.
> 
> 
> Thanks.
> 
> Caveman
> 
> -----------------------------------
> #NOTE eth0 is connected to the internet, eth1 is lan.
> # flush any old rules
> $IPTABLES -F -t nat
> # turn on POSTROUTING
> $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
> #forward port 80 from INTERNET IP connections to 192.168.0.2 port 80
> $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 10.1.1.2:80
> ------------------------------------------------------------


hi caveman,
i'm no firewall expert, but when you use the internet ip from your lan,
packets probably get routed through your router, box 'A'. so you'll have
to create some rules for incoming packets on your eth1 lan-interface to
accept these packets. i'm not sure on the details though..

hope this helps :-)

regards,
-rodi.
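
The situation in this thread is usually called hairpin NAT (NAT loopback). The script below is an added example, not part of either message: it prints the extra rules LAN clients need to reach box 'B' via the internet IP. The address 203.0.113.10 and the 10.1.1.0/24 LAN range are assumed placeholders; only eth0, eth1 and 10.1.1.2:80 come from the quoted rules.

```shell
#!/bin/sh
# Added example: print hairpin-NAT rules for the setup quoted above.
# Assumptions (not from the post): 203.0.113.10 is a documentation placeholder
# for box A's static internet IP; 10.1.1.0/24 is the LAN range guessed from
# the 10.1.1.2 target of the quoted DNAT rule.
IPTABLES="${IPTABLES:-iptables}"

# hairpin_rules WAN_IP LAN_NET SERVER_IP PORT [LAN_IF]
# Prints the commands rather than running them, so they can be reviewed.
hairpin_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: hairpin_rules WAN_IP LAN_NET SERVER_IP PORT [LAN_IF]" >&2
        return 2
    fi
    wan_ip=$1; lan_net=$2; server=$3; port=$4; lan_if=${5:-eth1}

    # 1. The quoted DNAT rule matches only "-i eth0", so LAN clients that use
    #    the internet IP are never redirected. Match them on the LAN side.
    printf '%s -t nat -A PREROUTING -i %s -s %s -d %s -p tcp --dport %s' \
        "$IPTABLES" "$lan_if" "$lan_net" "$wan_ip" "$port"
    printf ' -j DNAT --to-destination %s:%s\n' "$server" "$port"

    # 2. Without source NAT the server answers the client directly from its
    #    LAN address; the client expected a reply from WAN_IP and resets it.
    #    Masquerading LAN-to-server traffic forces replies back through box A.
    printf '%s -t nat -A POSTROUTING -o %s -s %s -d %s -p tcp --dport %s' \
        "$IPTABLES" "$lan_if" "$lan_net" "$server" "$port"
    printf ' -j MASQUERADE\n'

    # 3. Only needed when the FORWARD chain does not already accept LAN-to-LAN
    #    traffic; must sit before any DROP/REJECT rule, and replies rely on an
    #    existing ESTABLISHED,RELATED accept rule (assumed present).
    printf '%s -A FORWARD -i %s -o %s -s %s -d %s -p tcp --dport %s' \
        "$IPTABLES" "$lan_if" "$lan_if" "$lan_net" "$server" "$port"
    printf ' -j ACCEPT\n'
}

hairpin_rules 203.0.113.10 10.1.1.0/24 10.1.1.2 80
```

Review the printed commands, then pipe them to sh as root to apply them. Because of rule 2, box 'B' logs box 'A''s LAN address as the client for requests that come from the LAN.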



