On Thursday 24 July 2003 15:29, you wrote:
> Rio Martin. wrote:
> > Dear all,
> > I describe first about my network:
> > INTERNET --- eth0 [ NAT+Firewall Linux ] eth1 --- LAN
> > eth0 would be my public IP = 211.1.1.10
> > eth1 would be my private IP = 192.168.1.1
> > On NAT+Firewall Linux I applied this rule:
> > iptables -t nat -A PREROUTING -p tcp -d 211.1.1.10 --dport 80 -j DNAT --to 192.168.1.2:80
> > This is the rule for redirecting to the local webserver.
> > I tried to test it from an outside network (internet), surfed to
> > http://211.1.1.10 and it succeeded.
> > But from inside the LAN network (192.168.1.3) I am unable to browse to
> > http://211.1.1.10
>
> You need to SNAT internal connections so that replies go via the
> firewall instead of directly to the client, otherwise the firewall
> cannot reverse the DNAT and the client drops the reply packet.
> Try this rule:
> iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.2 --dport 80 -j SNAT --to 192.168.1.1

I don't know, I tried but it still won't connect to the webserver. Connection Refused.

Regards,
Rio Martin.

--
You can measure a programmer's perspective by noting his attitude on the continuing viability of FORTRAN.
-- Alan Perlis
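
The packet path that the quoted advice describes, traced in a small model (an added example, not part of the original thread and not netfilter code). It uses the addresses from the thread; the client source port 40000 and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses from the thread; the client source port is a constructed sample value.
PUBLIC_IP, FW_LAN_IP = "211.1.1.10", "192.168.1.1"
SERVER, CLIENT, CLIENT_PORT = "192.168.1.2", "192.168.1.3", 40000
LAN = ip_network("192.168.1.0/24")


def firewall_forward(pkt, hairpin_snat):
    """Translate a (src, sport, dst, dport) packet like the two rules in the thread.

    Returns the translated packet and a conntrack-style map from the reply
    tuple the firewall expects to the rewritten reply it sends to the client.
    """
    src, sport, dst, dport = pkt
    if dst == PUBLIC_IP and dport == 80:
        dst = SERVER                      # PREROUTING DNAT --to 192.168.1.2:80
    if hairpin_snat and ip_address(src) in LAN and dst == SERVER and dport == 80:
        src = FW_LAN_IP                   # POSTROUTING SNAT --to 192.168.1.1
    expected_reply = (dst, dport, src, sport)
    restored_reply = (pkt[2], pkt[3], pkt[0], pkt[1])
    return (src, sport, dst, dport), {expected_reply: restored_reply}


def simulate(hairpin_snat):
    """Follow one request from the LAN client to the public IP and back."""
    request = (CLIENT, CLIENT_PORT, PUBLIC_IP, 80)
    to_server, conntrack = firewall_forward(request, hairpin_snat)
    s, sp, d, dp = to_server
    reply = (d, dp, s, sp)                # server answers the source it saw
    if reply[2] == FW_LAN_IP:
        path = "via firewall"             # firewall sees the reply and un-NATs it
        reply = conntrack[reply]
    else:
        path = "direct on LAN"            # same subnet: firewall never sees it
    # The client's socket only accepts a reply from the address it connected to.
    accepted = reply == (PUBLIC_IP, 80, CLIENT, CLIENT_PORT)
    return {"path": path, "reply": reply, "accepted": accepted}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT rule present:", snat, simulate(snat))
```

With only the DNAT rule, the modelled reply reaches the client from 192.168.1.2 rather than 211.1.1.10 and is not accepted; with the SNAT rule, the reply returns through the firewall and carries the public address.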