
Re: port forwarding

This is what you want:

On 5/2/06, Tsakiridis Antonis <atsakir@freemail.gr> wrote:
I have a small LAN and want to allow access to an internal (no real IP, sorry
;-)) web server to Internet clients.

The gateway is using iptables v1.2.11(debian sarge)

I have activated port forwarding, so that Internet traffic targeted at my
gateway's port 80 is forwarded to the internal web server and works just fine.

(To make things a bit clear:
the Internet accesses the gateway through $INET_IP,
the LAN accesses the gateway through $LAN_IP,
the IP of the internal web server is $HTTPD_IP)

What I also want, however, is to allow other LAN hosts to have access to the same
web server using the FQDN of the gateway (say http://mysite.dyndns.org). To do
that correctly I must also SNAT LAN packets destined to $INET_IP of the

iptables -t nat -A POSTROUTING -p TCP -i $LAN_IFACE -d $HTTPD_IP --dport 80 -j SNAT --to-source $LAN_IP

Which gives me an error:
        iptables v1.2.11: Can't use -i with POSTROUTING

Finally, I want to be able to contact the web server from the gateway through
the FQDN as well. So I need to DNAT locally generated packets so that they
are sent to the proper host:

iptables -t nat -A OUTPUT -p TCP -d $INET_IP --dport 80 -j DNAT --to-destination $HTTPD_IP:80

Which also gives me an error:
        iptables v1.2.7a: Invalid argument

Firstly, I would really appreciate it if someone could tell me what is wrong
with rules 2 and 3?

Secondly, is there a way to achieve this functionality?

p.s. These rules are taken from Oscar Andreasson's extensive discussion of
DNAT target in his "Iptables Tutorial 1.2.0", section 11.3

Thanks a lot in advance,

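The "Can't use -i with POSTROUTING" error quoted above follows from how netfilter matches interfaces: a packet has no input interface once it reaches POSTROUTING. The script below is an added example, not part of the original thread; it checks a rule's -i/-o usage against its chain and prints a POSTROUTING form of the SNAT rule. The interface name, subnet and addresses are constructed placeholders, and check_iface_flags and snat_rule are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Interface, subnet and addresses are constructed placeholders.
LAN_IFACE=eth1            # assumed LAN-side interface
LAN_NET=192.168.0.0/24    # assumed LAN subnet
LAN_IP=192.168.0.1        # gateway address on the LAN
HTTPD_IP=192.168.0.10     # internal web server

# An input interface exists only in PREROUTING/INPUT/FORWARD, an output
# interface only in FORWARD/OUTPUT/POSTROUTING. Returns 0 when the rule's
# -i/-o usage fits its chain, 1 when iptables would refuse it.
check_iface_flags() {
    chain='' prev='' has_i=0 has_o=0
    for word in $1; do
        case "$prev" in -A|-I) chain=$word ;; esac
        case "$word" in
            -i|--in-interface)  has_i=1 ;;
            -o|--out-interface) has_o=1 ;;
        esac
        prev=$word
    done
    case "$chain" in
        POSTROUTING|OUTPUT) [ "$has_i" -eq 0 ] ;;
        PREROUTING|INPUT)   [ "$has_o" -eq 0 ] ;;
        *)                  return 0 ;;
    esac
}

# Hairpin SNAT written for POSTROUTING: match the outgoing interface and the
# LAN source net, so forwarded Internet clients keep their real source
# address in the web server's logs.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -o $LAN_IFACE -s $LAN_NET" \
         "-d $HTTPD_IP -p tcp --dport 80 -j SNAT --to-source $LAN_IP"
}

# The rule as posted in the thread, with the placeholders substituted.
posted="iptables -t nat -A POSTROUTING -p TCP -i $LAN_IFACE -d $HTTPD_IP --dport 80 -j SNAT --to-source $LAN_IP"

for rule in "$posted" "$(snat_rule)"; do
    if check_iface_flags "$rule"; then
        echo "accepted: $rule"
    else
        echo "refused:  $rule"
    fi
done
```

The script only prints rules; it does not call iptables, so it can be run without root to review a ruleset before loading it.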