I tried this ... and it doesn't seem to work... but I'm afraid my firewall script is kinda messy.
I realized that I use MASQUERADE instead of SNAT.
Can you give me a script or a link where to get one for my case?
I will show the stuff that I have:

eth0(aaa.bbb.ccc.ddd) | fw | eth1(192.168.13.1) | switch | LAN

- eth0 has a statically assigned IP by my ISP.
- eth1 has a private IP statically assigned by me.
- on LAN I have a machine (192.168.13.199) which runs a webserver which I want to be accessible from the world.

I think that I should use Static NAT for my machines inside LAN.
I have a firewall script that I just realized was created for Dynamic NAT.
I'm running Slackware 8.0 with kernel 2.4.5 (all the modules for netfilter are compiled into the kernel (I don't need modprobe)).

I hope I was clear enough.

Thank you for your efforts,
Danila Octavian

----- Original Message -----
From: Matt Hellman <mhellman@taxandfinance.com>
To: 'PiSiC...' <pisic@service.agress.ro>
Cc: <netfilter@lists.netfilter.org>
Sent: Friday, February 28, 2003 6:18 AM
Subject: RE: possibly annoing ...

> I'll give you an example. It assumes a default drop policy. Also, INTIF =
> internal interface, HTTP1 = external ip address clients will connect to
> (www.mydomain.com resolves to this address), and HTTPDMZ1 = internal web
> server.
>
> ##### Setup prerouting rules to route Internet traffic internally
> ## Change the destination of external $HTTP requests to the DMZ HTTP server
> $ipt -t nat -A PREROUTING -i $EXTIF -p tcp -d $HTTP1 --dport 33333 -j DNAT --to $HTTPDMZ1:80
>
> ## Allow established,related forward traffic
> $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> ## Allow new http forward traffic from Internet to servers in the DMZ
> $ipt -A FORWARD -m state --state NEW -i $EXTIF -p tcp -d $HTTPDMZ1 --dport 80 -j ACCEPT
> $ipt -A FORWARD -m state --state NEW -i $EXTIF -p tcp -d $SMTPDMZ --dport 25 -j ACCEPT
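
The topology described in this message, combined with the quoted DNAT and FORWARD rules, as an added example that is not part of the original thread: a dry-run rule generator that uses SNAT for the static external address and forwards web traffic to 192.168.13.199. Assumptions: 203.0.113.10 is a constructed stand-in for aaa.bbb.ccc.ddd, the LAN is a /24, the public port is 80, and the names `IPT`, `valid_ip` and `build_rules` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: rules are printed.
# To load them, run as root with IPT=iptables in the environment.
IPT="${IPT:-echo iptables}"

EXTIF="eth0"            # external interface, from the post
INTIF="eth1"            # internal interface, from the post
EXTIP="203.0.113.10"    # constructed stand-in for aaa.bbb.ccc.ddd
LAN="192.168.13.0/24"   # assumed /24 around 192.168.13.1
WEB="192.168.13.199"    # LAN web server, from the post
EXTPORT="80"            # assumed public port

# Accept only dotted-quad IPv4 with octets 0-255.
valid_ip() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

build_rules() {
    valid_ip "$EXTIP" && valid_ip "$WEB" || { echo "bad address" >&2; return 1; }

    # Default-drop forwarding, as the quoted reply assumes.
    $IPT -P FORWARD DROP

    # Static NAT for outbound LAN traffic: SNAT to the fixed address
    # instead of MASQUERADE, which is meant for dynamically assigned IPs.
    $IPT -t nat -A POSTROUTING -o "$EXTIF" -s "$LAN" -j SNAT --to-source "$EXTIP"

    # Inbound: rewrite the destination of web requests to the LAN server.
    $IPT -t nat -A PREROUTING -i "$EXTIF" -p tcp -d "$EXTIP" --dport "$EXTPORT" \
        -j DNAT --to-destination "$WEB:80"

    # Replies and related packets for connections already accepted.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound web connections; DNAT has already run, so match $WEB:80.
    $IPT -A FORWARD -m state --state NEW -i "$EXTIF" -o "$INTIF" -p tcp \
        -d "$WEB" --dport 80 -j ACCEPT

    # New outbound connections from the LAN.
    $IPT -A FORWARD -m state --state NEW -i "$INTIF" -o "$EXTIF" -s "$LAN" -j ACCEPT
}

build_rules
```

Review the printed rules before loading them; the FORWARD rule matches the post-DNAT destination because PREROUTING runs before the forwarding decision.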