Re: Port forwarding and local firewall connections
On 2007-07-12 Marco wrote:
> On Thu, 12 Jul 2007 14:48:37 +0200, Ansgar -59cobalt- Wiechers wrote:
>> Then do NAT for that interface. To repeat myself: you don't need NAT
>> for connections between your two private networks. Stop using NAT
>> there, and your problem is solved.
> Maybe I don't understand this, but if I don't use NAT there from the
> internet I can't connect to the webserver. With this rule commented:
> iptables -t nat -A PREROUTING -i ! $DMZIF -p tcp --dport 80 \
>     -j DNAT --to 192.168.10.2
> everything works from LAN, but not from internet. Firewall has a
> public IP address and it's accepting connections from internet and
If you comment that rule out, you don't do NAT at all. That's not what
you want. You want a NAT rule for internet traffic only, e.g. like this:

    iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 80 \
        -j DNAT --to 192.168.10.2

With $EXTIF being your firewall's external (Internet) interface.

"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
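
The difference between the two rules in this thread can be checked mechanically. The script below is an added example, not part of the original messages: it reads iptables-save output and flags PREROUTING DNAT rules that are not pinned to one inbound interface. The function names, the sample ruleset and the interface names eth0 (external) and eth2 (DMZ) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for PREROUTING DNAT rules that
# are not pinned to a single inbound interface.

# audit_dnat: reads iptables-save text on stdin, prints "VERDICT: rule".
#   OK      positive "-i IF" match: only traffic arriving on IF is rewritten
#   NEGATED "! -i IF" (or legacy "-i ! IF"): every other interface matches,
#           internal ones included
#   ANY     no inbound interface match at all
audit_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dnat = 0; verdict = "ANY"
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            if ($i == "-i" || $i == "--in-interface")
                verdict = ($(i - 1) == "!" || $(i + 1) == "!") ? "NEGATED" : "OK"
        }
        if (dnat) print verdict ": " $0
    }'
}

# Constructed sample ruleset; eth0 = external and eth2 = DMZ are assumed names.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING ! -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.2
COMMIT
EOF
}

sample_ruleset | audit_dnat
```

On a live firewall the same function can be fed from `iptables-save -t nat`.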