Dear all, I will first describe my network:
INTERNET --- eth0 [ NAT+Firewall Linux ] eth1 --- LAN
eth0 would be my public ip = 211.1.1.10
eth1 would be my private ip = 192.168.1.1
On the NAT+Firewall Linux box I applied this rule:
iptables -t nat -A PREROUTING -p tcp -d 211.1.1.10 --dport 80 -j DNAT --to 192.168.1.2:80
This is the rule for redirecting to the local webserver.
I tried to test it from the outside network (internet), surfing to http://211.1.1.10, and it succeeded.
But from inside the LAN network (192.168.1.3) I am unable to browse to http://211.1.1.10
You need to SNAT internal connections so that replies go via the firewall instead of directly to the client, otherwise the firewall cannot reverse the DNAT and the client drops the reply packet.
Try this rule:
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.2 --dport 80 -j SNAT --to 192.168.1.1
--
Philip Craig - philipc@xxxxxxxxxxxx - http://www.SnapGear.com
SnapGear - Custom Embedded Solutions and Security Appliances
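The packet path behind this reply, traced in a small Python model; this is an added example, not part of the original thread. The function name `hairpin`, the client port 40000 and the outside client 198.51.100.7 are constructed, and the model assumes the web server's default gateway is the firewall.

```python
import ipaddress

# Addresses from the thread.
PUBLIC_IP, FW_LAN_IP, SERVER = "211.1.1.10", "192.168.1.1", "192.168.1.2"
LAN = ipaddress.ip_network("192.168.1.0/24")


def hairpin(client_ip, client_port=40000, snat=False):
    """Trace one TCP request to PUBLIC_IP:80; return (client_accepts_reply, hops)."""
    hops = []
    # The client's socket only accepts a reply from the address it connected to.
    expected_reply = ((PUBLIC_IP, 80), (client_ip, client_port))
    src, dst = (client_ip, client_port), (PUBLIC_IP, 80)
    hops.append(("client->firewall", src, dst))

    # PREROUTING: -d 211.1.1.10 --dport 80 -j DNAT --to 192.168.1.2:80
    orig_src, orig_dst = src, dst
    dst = (SERVER, 80)
    # POSTROUTING: -s 192.168.1.0/24 -d 192.168.1.2 --dport 80 -j SNAT --to 192.168.1.1
    if snat and ipaddress.ip_address(src[0]) in LAN:
        src = (FW_LAN_IP, src[1])
    hops.append(("firewall->server", src, dst))

    # The server answers whatever source address it saw.
    r_src, r_dst = dst, src
    on_link = ipaddress.ip_address(r_dst[0]) in LAN
    if on_link and r_dst[0] != FW_LAN_IP:
        # Same subnet: the reply goes straight to the client, bypassing the
        # firewall, so the DNAT is never reversed.
        hops.append(("server->client direct", r_src, r_dst))
    else:
        # The reply passes the firewall, whose connection tracking restores
        # the original addresses.
        hops.append(("server->firewall", r_src, r_dst))
        r_src, r_dst = orig_dst, orig_src
        hops.append(("firewall->client", r_src, r_dst))
    return (r_src, r_dst) == expected_reply, hops


if __name__ == "__main__":
    for label, ip, use_snat in [("LAN client, DNAT only", "192.168.1.3", False),
                                ("LAN client, DNAT + SNAT", "192.168.1.3", True),
                                ("outside client, DNAT only", "198.51.100.7", False)]:
        ok, hops = hairpin(ip, snat=use_snat)
        print(f"{label}: reply {'accepted' if ok else 'dropped by client'}")
        for name, s, d in hops:
            print(f"  {name:22} {s[0]}:{s[1]} -> {d[0]}:{d[1]}")
```
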