Re: nat help!

To: debian-firewall@lists.debian.org
Subject: Re: nat help!
From: itachi@cnt.uo.edu.cu
Date: Thu, 6 Apr 2006 05:13:21 -0400 (CDT)
Message-id: <[🔎] 1208.10.30.142.3.1144314801.squirrel@mail.cnt.uo.edu.cu>
In-reply-to: <[🔎] 4434EDC7.4030107@plouf.fr.eu.org>
References: <[🔎] 3670.10.30.142.3.1144232172.squirrel@mail.cnt.uo.edu.cu> <[🔎] 4433D8E8.5080909@eccotours.co.za> <[🔎] 4064.10.30.142.3.1144237026.squirrel@mail.cnt.uo.edu.cu> <[🔎] 4433E990.1070909@alumni.amherst.edu> <4519.10.30.142.3.1144241313.squirrel@mail <[🔎] 4434EDC7.4030107@plouf.fr.eu.org>

well i found out
the trouble but not using iptables :(

i had to use apache mod proxy
but anyway i would like to know how can i do that using iptables

david

im using kernel version
2.4.27-2-386
is that kernel capable ?

> David Panofsky a écrit :
>> In one of your posts you mentioned that the web server is not directly
>> connected to the internet.  That caused me to think about it's routing
>> configuration...  Does this server (10.30.143.1) have a route to get
>> back to the NAT box (10.30.142.12)?
>
> It's a little more complicated. The serveur must have a route to the
> *client* address *via* the NAT box.
>
> But again, without more detail from Luis, all we can do is speculate
> endlessly.
>
>> Another possible problem that you may be having is due to how you're
>> accessing the NATed service.  Are your trying to access it from a third
>> computer on the other side of the NAT box, or from that box itself?  I
>> know it can be tricky to get a packet originating from the NAT server
>> itself to be properly processed by the iptables rules.
>
> It's not that tricky, you just need to copy the DNAT rule in the OUTPUT
> chain. And of course you need a Linux kernel version >= 2.4.19, and for
> versions < 2.4.29, it must have been compiled with the option
> CONFIG_IP_NF_NAT_LOCAL enabled.
>
> PS : Could people posting on this list cut unnecessary quote in their
> replies, and avoid HTML ? Thanks.
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>


-------------------------------------------------
                           Luis A. Rondon Paz
    L I N U X       .~.    Admin intranet CNT
   The  Choice      /V\    icq #132736035
    of a GNU       /( )\   itachi@cnt.uo.edu.cu
   Generation      ^^-^^    Santiago de cuba
                   UONET







           ###########
         ###############
       ####           ####
-   ,$$P'               ###
- ',$$P       ,-***      ###
- `d$$'     ,##    *     ###
-  $$P      ##     *     ###
-  $$:      ##   -      ###
-  $$;      ###       ###
-  Y$$.    `   #######
-  `$$b      "-.__
-   `Y$$b
-    `Y$$.
-      `$$b.
-        `Y$$b.
-          `"Y$b._
-------------------------------------------------

Reply to:

Follow-Ups:
- Re: nat help!
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>

References:
- nat help!
  - From: itachi@cnt.uo.edu.cu
- Re: nat help!
  - From: Brent Clark <bclark@eccotours.co.za>
- Re: nat help!
  - From: itachi@cnt.uo.edu.cu
- Re: nat help!
  - From: David Panofsky <depanofsky97@alumni.amherst.edu>
- Re: nat help!
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>

Prev by Date: webmin problem.
Next by Date: Re: nat help!
Previous by thread: Re: nat help!
Next by thread: Re: nat help!
Index(es):
- Date
- Thread