
iptables: forwarding internal webserver



Hi,

I have a router<->firewall<->LAN with the firewall being a Linux box. The
firewall runs (among others) a webserver. When from within the LAN a
webpage is requested with the external IP, the browser gives a time-out
because the router freaks out when its own IP is requested from within.

What I would like to do is have queries made to the external IP $ext_ip
from the LAN $lan_ip forwarded to the server directly, $server_ip.

I have rtfm and stfw and came up with the following two lines:
$IPTABLES -t nat -A PREROUTING -p tcp -i $lan_iface -s $lan_ip -d $ext_ip -j DNAT --to $server_ip
$IPTABLES -t nat -A POSTROUTING -o $lan_iface -j MASQUERADE

Another form I have been playing around with:
$IPTABLES -t nat -A PREROUTING  -d $ext_ip -p tcp -j DNAT --to $server_ip
$IPTABLES -t nat -A POSTROUTING -d $server_ip -s $local_lan -p tcp -j SNAT --to $server_ip

Neither of them seems to work. I must be overlooking something. Can someone
help?

Thanks in advance,
Sebastiaan


--
  NT is the OS of the future. The main engine is the 16-bit Subsystem
  (also called MS-DOS Subsystem). Above that, there is the windoze 95/98
  16-bit Subsystem. Anyone can see that 16+16=32, so windoze NT is a
  *real* 32-bit system.



