
Re: NAT Question



Hi,

I solved this by changing the following rules.

1. masquerading is not bound to the interface but masquerades only
   traffic that is coming from LAN
2. one DNAT rule that forwards packages to my server if the source is a
   LAN address and the destination address is my external assigned
   address
3. one DNAT rule that forwards any package that arrives on my external
   (ppp0) interface and comes from anywhere

Thanks for your help.

Bye,

Sven


On Wed, Nov 20, 2002 at 04:08:03PM +0100, Nicos Gollan wrote:
> On Wednesday 20 November 2002 10:59, sgaerner@gmx.net wrote:
> > I'm using a DSL line for connecting to the internet and I'm trying to
> > run a jabber server.
> > The problem I have is that the jabber server stores each account with
> > a FQDN. Because I want to use my account from the internet and from
> > my LAN, I want to connect from my LAN to my external IP that is
> > shared via dynamic DNS.
> >
> > The jabber server runs on a machine behind the firewall and the port
> > is forwarded with destination NAT (DNAT).
> > [...]
> > If someone has a hint or a solution which firewall rules to add or
> > delete to connect to my external assigned IP from my LAN, please send
> > me an email.
> 
> Normally, you should just have to use the DNS name you're using from 
> within the LAN. Your box then looks up the name, gets the assigned 
> dynamic IP, connects to your gateway server and is forwarded to your 
> jabber server.
> 
> A problem might arise if you're specifying the DNAT based on the device 
> on which packets are received, so you might want to make sure that the 
> DNAT rule catches traffic from within your LAN as well. Something like
> 
>   iptables -t nat -I PREROUTING -p <protocol> -s <yournetspec> --dport <jabberport> -j DNAT --to <jabberserver>:<jabberport>
> 
> should do the trick. Also make sure you don't block jabber traffic 
> coming from inside your net.
> 
> - -- 
> Embedded Linux -- True multitasking!
> TWO TOASTS AT THE SAME TIME!
> 

-- 
There are only 10 types of people in the world:
Those who understand binary and those who don't.
+-------------------------------------------------------------------------+
| Please reply only to sgaerner@gmx.net                                   |
| Do not send HTML mails, they will be erased... unread.                  |
+-------------------------------------------------------------------------+
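
The three rules listed at the top of this message, written out as an added example that is not part of the original post or thread. The addresses, the port 5222 and the choice of TCP are constructed sample values; only the interface name ppp0 comes from the post. The function prints the commands for review and applies nothing.

```shell
#!/bin/sh
# Added example: generate (not apply) the NAT rules for reaching a
# DNAT-forwarded server via the external address from inside the LAN.

# Loose character check: digits, dots and an optional /prefix only, so an
# argument cannot smuggle extra options or shell syntax into a rule.
is_addr() {
    case "$1" in
        ""|*[!0-9./]*|*..*|.*|*.) return 1 ;;
    esac
    return 0
}

# hairpin_rules LAN_NET EXT_IF EXT_IP SERVER PORT
hairpin_rules() {
    lan=$1 ext_if=$2 ext_ip=$3 srv=$4 port=$5
    is_addr "$lan" && is_addr "$ext_ip" && is_addr "$srv" || return 1
    case "$ext_if" in ""|*[!a-z0-9]*) return 1 ;; esac
    case "$port" in ""|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1

    # Rule 1: masquerade by source network instead of by outgoing interface.
    # A LAN client redirected back to the LAN server is then rewritten to the
    # gateway's address, so the server replies via the gateway and not
    # directly to the client (which expects the answer from EXT_IP).
    # Side effect: the server logs the gateway, not the real LAN client.
    echo "iptables -t nat -A POSTROUTING -s $lan -j MASQUERADE"

    # Rule 2: LAN clients that connect to the external address.
    echo "iptables -t nat -A PREROUTING -p tcp -s $lan -d $ext_ip --dport $port -j DNAT --to-destination $srv:$port"

    # Rule 3: connections from anywhere arriving on the external interface.
    echo "iptables -t nat -A PREROUTING -p tcp -i $ext_if --dport $port -j DNAT --to-destination $srv:$port"
}

# Constructed sample values: LAN 192.168.1.0/24, server 192.168.1.10,
# external address 203.0.113.5 (documentation range), port 5222.
hairpin_rules 192.168.1.0/24 ppp0 203.0.113.5 192.168.1.10 5222
```

Rule 2 contains the external address, so on a dial-up line with a dynamic address it has to be regenerated each time the link comes up.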


