
Re: Emulate real ip's to access intranet hosts from outside



This one time, at band camp, Ramon Acedo said:
> Hi!
> 
> I'd like to access the hosts of my intranet with private IPs from the
> outside.
> I have the following net:
> 
> A real domain name server managed by the computer which has the real IP, so
> I can set all the names and
> subdomains that I need.
> A firewall which is the same host as the DNS server I told before, I've got
> iptables in that host
> and it masquerades my intranet so the other hosts with private IPs use it
> as default gateway.
> 
> I just want that when someone tries to access host1.mydomain.net from the
> internet my firewall (and DNS server)
> forwards the request to host1.local which has the private IP 192.168.1.20.
> 
> I've been looking for that in the DNS Howtos but haven't found a solution. I've
> been thinking of a mix between
> nat iptables and special DNS resolving, maybe with 2 name servers, one for
> the intranet and the other one for
> the internet.
> 
> But before starting I'd like to know if there is a sensible solution out
> there unknown by me.
Yes - port forwarding with iptables is what you want.

Try a line like:
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 \
        -j DNAT --to 192.168.0.2

in your iptables script - this maps ssh to an internal box, so I can
pick up my mail from it when I'm out and about.  You can decide which
services are going to be run on that box, and just forward
appropriately.
HTH,
Steve
-- 
Reisner's Rule of Conceptual Inertia:
	If you think big enough, you'll never have to do it.
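
An added example, not part of Steve's post: it generalizes the single DNAT line above to a small port map for the asker's host 192.168.1.20 and pairs each DNAT rule with a FORWARD accept for that one service, which is needed when the FORWARD policy is DROP. The function names, public port 2222, the http entry and dry-run printing are assumptions; replies are assumed to leave through the existing masquerade setup.

```shell
#!/bin/sh
# Added example: print DNAT + FORWARD rule pairs from a port map (dry run).
# Assumptions (not from the thread): function names, port 2222, the http
# entry, and printing the commands instead of executing iptables.
WAN_IF="${WAN_IF:-eth0}"

# is_private IP -> 0 if the address starts with an RFC 1918 prefix
# (prefix check only, not full IPv4 validation)
is_private() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# is_port N -> 0 if N is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PUBLIC_PORT INTERNAL_IP INTERNAL_PORT
# Prints the two commands one forwarded service needs; returns 1 on bad input.
forward_rules() {
    is_port "$1" && is_port "$3" || { echo "bad port: $1/$3" >&2; return 1; }
    is_private "$2" || { echo "not an RFC 1918 address: $2" >&2; return 1; }
    # Rewrite the destination before the routing decision...
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $1 -j DNAT --to-destination $2:$3"
    # ...and admit only that host and port through the FORWARD chain.
    echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $2 --dport $3 -j ACCEPT"
}

# build_ruleset: reads "public_port internal_ip internal_port" lines on stdin,
# skipping blank lines and comments; stops at the first invalid entry.
build_ruleset() {
    while read -r pub ip port; do
        case "$pub" in ''|'#'*) continue ;; esac
        forward_rules "$pub" "$ip" "$port" || return 1
    done
}

# Constructed sample map: ssh and http on the asker's host1 (192.168.1.20).
sample_map() {
    printf '%s\n' '# public_port internal_ip internal_port' \
        '2222 192.168.1.20 22' '80 192.168.1.20 80'
}

sample_map | build_ruleset
```

Review the printed commands, then pipe them to `sh` as root to apply them. Forwarding only the listed ports keeps every other service on the internal host unreachable from outside.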
