[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables - inside accessing outside ip and being bounced back inside

  You may find that the internal web server is sending its reply IP
packets directly to the internal client, instead of via the firewall.

  This can occur if the internal client and the internal web server have
the same subnet mask. The internal web server sends the packets straight
back to the internal client because of this. However the internal client
is expecting packets to come back from the external IP address, so it
drops the packets.


On Fri, Nov 28, 2003 at 10:21:44PM -0600, Hanasaki JiJi wrote:
> i have a firewwall with 2 nics .. its running iptables.   the outside 
> nic forwards port 80 to an internal webserver on an internal ip.  this 
> works great.  if an internal host hits the external ip.  traffic does 
> not go to the internal web server.  if an external host hits the 
> external ip traffic goes to the internal web server fine.  what iptable 
> rule will fix this?
> External Host - ipOutsideHost-1
> |
> |
> |
> Firewall NIC - ipOutsideFW
> Firewall NIC - ipInsideFW
> |
> |
> |
> Internal Host - ipInsideHost-1
> Internal Host - ipInsideHTTPServer-1
> Rules are setup for the following and work
> 	 OK - ipInsideHost-1 => ipOutsideHost-1
> 	 OK - ipOutsideHost-1 => ipOutsideFW
> 		forwarded to ipInsideHTTPServer-1
> The following fails and is what I need a iptables rule for
> 	FAIL - ipInsideHost-1 => ipOutsideFW
> 		forward back to ipInsideHTTPServer-1
> Any assistence in writting this rule would be appreciated
> Thank you.

Reply to: