I have one gateway machine with iptables 1.2.7a. It has an external IP address FW_EXT = 1.2.3.4 and an internal IP address FW_INT = 2.3.4.5.
I have a machine hiding behind this gateway running Apache 2.0.43. It has an internal IP address HTTP_INT = 4.5.6.7.
Here is how I have my rules set up:
-A FORWARD -p tcp -j ACCEPT
-A PREROUTING -d FW_EXT -p tcp -m tcp --dport 80 -j DNAT --to-destination HTTP_INT:80
-A POSTROUTING -d FW_EXT -p tcp -m tcp --dport 80 -j SNAT --to-source FW_INT
-A POSTROUTING -o eth0 -j MASQUERADE
-A OUTPUT -d FW_EXT -p tcp -m tcp --dport 80 -j DNAT --to-destination HTTP_INT
I set this up just as described in the netfilter tutorial.
If I leave it as is, everything works fine from hosts outside my network, and on the Apache server the log files indicate the correct source address. I cannot, however, access the server from my internal network.
If I add a rule like
-A POSTROUTING -o eth1 -j SNAT --to-source FW_EXT
I can then access the server from my internal network, but in the Apache logs it shows all requests as coming from FW_EXT.
How can I fix this?
Thank you,
Kevin Conaway
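The behaviour described in the post is the classic hairpin-NAT problem: the gateway DNATs the LAN client's packet to HTTP_INT, but because client and server share a LAN the server's reply goes straight back to the client with HTTP_INT as its source, so the client never sees the FW_EXT:80 reply it is waiting for. The extra SNAT rule repairs the return path by forcing every reply through the gateway, at the cost of hiding the real client address. The following added example (not Kevin's code, and it does not run iptables) models one SYN and its reply through three variants of the gateway's nat rules: the post's rules as given, the post's extra catch-all SNAT, and the usual narrower fix of SNATting only LAN-to-HTTP_INT flows to FW_INT. The LAN client address, the Internet client address and the LAN_NET placeholder are constructed for the example.

```python
"""Hairpin-NAT walkthrough for the ruleset in the post (constructed model)."""
from dataclasses import dataclass, replace

# Addresses taken from the post.
FW_EXT = "1.2.3.4"    # gateway external address
FW_INT = "2.3.4.5"    # gateway internal address
HTTP_INT = "4.5.6.7"  # Apache host behind the gateway

# Constructed hosts (not in the post): one client on the LAN, one on the Internet.
LAN_CLIENT = "4.5.6.8"
INET_CLIENT = "9.9.9.9"
LAN_HOSTS = {FW_INT, HTTP_INT, LAN_CLIENT}

# The usual narrow fix; LAN_NET is a placeholder for the internal prefix.
HAIRPIN_RULE = ("-t nat -A POSTROUTING -s LAN_NET -d %s -p tcp --dport 80 "
                "-j SNAT --to-source %s" % (HTTP_INT, FW_INT))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def gateway_nat(pkt, mode):
    """Apply the gateway's nat rules to one forwarded packet.

    mode:
      "post"     - the rules exactly as posted (no working hairpin SNAT)
      "snat_all" - the extra rule from the post: -o eth1 -j SNAT --to-source FW_EXT
      "hairpin"  - HAIRPIN_RULE: SNAT only LAN -> HTTP_INT flows to FW_INT
    Returns the packet as delivered plus a (original, translated) conntrack pair
    so the reverse translation can be undone on the reply.
    """
    original = pkt
    # PREROUTING: -d FW_EXT -p tcp --dport 80 -j DNAT --to-destination HTTP_INT:80
    if pkt.dst == FW_EXT and pkt.dport == 80:
        pkt = replace(pkt, dst=HTTP_INT)
    # POSTROUTING. The posted "-d FW_EXT ... -j SNAT --to-source FW_INT" rule can
    # never match here: by POSTROUTING the destination is already HTTP_INT.
    if mode == "snat_all" and pkt.dst in LAN_HOSTS:      # "-o eth1" = towards the LAN
        pkt = replace(pkt, src=FW_EXT)
    elif mode == "hairpin" and pkt.src in LAN_HOSTS and pkt.dst == HTTP_INT:
        pkt = replace(pkt, src=FW_INT)
    return pkt, (original, pkt)


def http_request(client, mode):
    """One SYN from client to FW_EXT:80 and the server's SYN-ACK back.

    Returns the source Apache would log, the source the client sees on the
    reply, and whether that reply matches what the client expects (FW_EXT:80).
    """
    syn = Packet(src=client, dst=FW_EXT, sport=40000, dport=80)
    delivered, (orig, _) = gateway_nat(syn, mode)
    # The server answers whatever source it saw.
    synack = Packet(src=delivered.dst, dst=delivered.src,
                    sport=delivered.dport, dport=delivered.sport)
    if synack.dst in LAN_HOSTS and synack.dst != FW_INT:
        # Same LAN: the reply goes directly to the client and bypasses the gateway,
        # so no reverse NAT happens.
        at_client = synack
    else:
        # The reply passes the gateway; conntrack undoes both translations.
        at_client = Packet(src=orig.dst, dst=orig.src,
                           sport=orig.dport, dport=orig.sport)
    return {
        "apache_logs_src": delivered.src,
        "reply_src_seen_by_client": at_client.src,
        "handshake_ok": at_client.src == FW_EXT and at_client.dst == client,
    }


if __name__ == "__main__":
    for mode in ("post", "snat_all", "hairpin"):
        for client in (LAN_CLIENT, INET_CLIENT):
            print(mode, client, http_request(client, mode))
```

With the posted rules the LAN client's handshake fails (the reply arrives from HTTP_INT, not FW_EXT) while Internet clients work and are logged with their real address; the catch-all SNAT makes every request appear to come from FW_EXT; the narrower rule keeps real addresses for Internet clients and rewrites only LAN clients, which then appear as FW_INT. Losing the LAN client's address is inherent to any NAT-based fix, because the reply must be routed back through the gateway; the only way to keep it is to avoid NAT for LAN traffic, for example by having internal DNS resolve the server's name to HTTP_INT directly.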