[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Emulate real ip's to access intranet hosts from outside

This one time, at band camp, Ramon Acedo said:
> Hi!
> I'd like to access to the hosts of my intranet with private ip's from the
> outside.
> I have the following net:
> A real domain name server managed by the computer which has the real ip, so
> I can set all the names and
> subdomains that I need.
> A firewall wich is the same host than the dns server I told before, I've got
> iptables in that host
> and it masquerades my intranet so the other hosts with private ip's use it
> as default gateway.
> I just want that when someone try to access to host1.mydomain.net from the
> internet my firewall (and dns server)
> forward the request to host1.local which has the private ip
> I've looking for that in the DNS Howto's but haven't found a solution. I've
> been thinking of a mix between
> nat iptables and special dns resolving, may be with 2 name server's one for
> the intranet and the other one for
> the internet.
> But before starting I'd like to know if there is a sensible solution out
> there unknown by me.
Yes - port forwarding with iptables is what you want.

Try a line like:
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 \
        -j DNAT --to

in your iptables script - this maps ssh to an internal box, so I can
pick up my mail from it when I'm out and about.  You can decide which
services are going to be run on that box,and just forward
Reisner's Rule of Conceptual Inertia:
	If you think big enough, you'll never have to do it.

Attachment: pgp2a89yxca0y.pgp
Description: PGP signature

Reply to: