[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables natting

On Tuesday, 12.07.2005 at 15:35 +0100, Graham Smith wrote:

> I think the problem is that the redirect is to my public IP address
> and I am on a machine inside the network. I'm pretty sure that if I
> was outside the network this would work fine.

(Haven't read all your details abov, but just an observation on this

If you are port-forwarding for clients outside your network and expect
this to work for clients for local clients too, then you need to add
more rules.  One way to do this is to have DMZ and put the
server-to-be-contacted-from-outside in the DMZ, then setup port forwards
from outside (RED) and also from inside (GREEN).

In your setup, it sounds like you need to add a PREROUTING rule for
packets coming from your LAN which are addressed to your own public IP
(i.e. the GREEN interface, but addressed to the firewall's RED IP
address), and redirect them to the appropriate place.

An alternative would be to use a split-horizon DNS - where hostnames
resolve differently in- and outside the LAN.  For example, in our
network www.our.domain.name resolves to a 'real' public IP address in
the public DNS, but on the LAN, it resolves to an address in the private range ...

Please don't CC me on list messages!
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

Attachment: signature.asc
Description: Digital signature

Reply to: