Re: Port forwarding and local firewall connections
On 2007-07-12 Marco wrote:
> On Thu, 12 Jul 2007 14:48:37 +0200, Ansgar -59cobalt- Wiechers wrote:
>> Then do NAT for that interface. To repeat myself: you don't need NAT
>> for connections between your two private networks. Stop using NAT
>> there, and your problem is solved.
>
> Maybe I don't understand this, but if I don't use NAT there from the
> internet I can't connect to the webserver. With this rule commented:
>
> iptables -t nat -A PREROUTING -i ! $DMZIF -p tcp --dport 80
> -j DNAT --to 192.168.10.2
>
> everything works from LAN, but not from internet. Firewall has a
> public IP address and it's accepting connections from internet and
> LAN.
If you comment that rule out, you don't do NAT at all. That's not what
you want. You want a NAT rule for internet traffic only, e.g. like this:
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 80 \
-j DNAT --to 192.168.10.2
With $EXTIF being your firewall's external (Internet) interface.
Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
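To make the difference between the two rules concrete, here is a small added example (not from the thread, not from either poster) that models the nat PREROUTING chain as a first-match list and runs both the original `-i ! $DMZIF` rule and the suggested `-i $EXTIF` rule over a few constructed packets. Interface names (eth0/eth1/eth2) and the client addresses are assumptions; only the webserver address 192.168.10.2 comes from the thread.

```python
"""Toy model of a netfilter nat PREROUTING chain with DNAT rules.

Constructed example: shows why "-i ! $DMZIF" also rewrites traffic coming
in from the LAN interface, while "-i $EXTIF" only rewrites traffic that
arrives on the Internet-facing interface.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed interface layout (not stated in the thread).
EXTIF = "eth0"   # Internet-facing interface
LANIF = "eth1"   # internal LAN
DMZIF = "eth2"   # DMZ holding the webserver at 192.168.10.2


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    proto: str
    dport: int
    src: str


@dataclass(frozen=True)
class DnatRule:
    iface: str      # value given to -i
    negate: bool    # True models "-i ! IFACE"
    proto: str
    dport: int
    to: str         # DNAT --to target

    def matches(self, pkt: Packet) -> bool:
        if self.negate:
            iface_ok = pkt.in_iface != self.iface
        else:
            iface_ok = pkt.in_iface == self.iface
        return iface_ok and pkt.proto == self.proto and pkt.dport == self.dport


def apply_chain(rules: List[DnatRule], pkt: Packet) -> Optional[str]:
    """First matching rule wins (DNAT is a terminating target); None means
    the packet keeps its original destination."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.to
    return None


# The rule Marco posted: -i ! $DMZIF -p tcp --dport 80 -j DNAT --to 192.168.10.2
ORIGINAL_RULE = [DnatRule(DMZIF, True, "tcp", 80, "192.168.10.2")]
# The rule Ansgar suggested: -i $EXTIF -p tcp --dport 80 -j DNAT --to 192.168.10.2
FIXED_RULE = [DnatRule(EXTIF, False, "tcp", 80, "192.168.10.2")]

# Constructed sample packets (addresses are placeholders).
SAMPLE = {
    "internet_http": Packet(EXTIF, "tcp", 80, "203.0.113.7"),
    "lan_http": Packet(LANIF, "tcp", 80, "192.168.1.20"),
    "dmz_http": Packet(DMZIF, "tcp", 80, "192.168.10.2"),
    "lan_ssh": Packet(LANIF, "tcp", 22, "192.168.1.20"),
}


def classify(rules: List[DnatRule]) -> dict:
    """Map each sample packet name to the DNAT target it would receive."""
    return {name: apply_chain(rules, pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for label, rules in (("-i ! $DMZIF", ORIGINAL_RULE), ("-i $EXTIF", FIXED_RULE)):
        print(f"{label:12} -> {classify(rules)}")
```

With the original rule, the LAN packet to port 80 is rewritten to 192.168.10.2 just like the Internet packet, because "not the DMZ interface" includes the LAN interface. With the `-i $EXTIF` rule only the Internet packet is rewritten; LAN hosts are expected to reach the webserver directly by its private address, which is the point Ansgar makes above.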