This one time, at band camp, Ramon Acedo said: > Hi! > > I'd like to access to the hosts of my intranet with private ip's from the > outside. > I have the following net: > > A real domain name server managed by the computer which has the real ip, so > I can set all the names and > subdomains that I need. > A firewall wich is the same host than the dns server I told before, I've got > iptables in that host > and it masquerades my intranet so the other hosts with private ip's use it > as default gateway. > > I just want that when someone try to access to host1.mydomain.net from the > internet my firewall (and dns server) > forward the request to host1.local which has the private ip 192.168.1.20. > > I've looking for that in the DNS Howto's but haven't found a solution. I've > been thinking of a mix between > nat iptables and special dns resolving, may be with 2 name server's one for > the intranet and the other one for > the internet. > > But before starting I'd like to know if there is a sensible solution out > there unknown by me. Yes - port forwarding with iptables is what you want. Try a line like: /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 \ -j DNAT --to 192.168.0.2 in your iptables script - this maps ssh to an internal box, so I can pick up my mail from it when I'm out and about. You can decide which services are going to be run on that box,and just forward appropriately. HTH, Steve -- Reisner's Rule of Conceptual Inertia: If you think big enough, you'll never have to do it.
Description: PGP signature