Hi,

I should've asked this question in my previous post. I'm using Linux 2.4.20 (should be patching it to 21 soon). Right now, I have:

    $IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_IP \
        --dport 80 -j DNAT --to $HTTP_IP
    $IPTABLES -A FORWARD -p tcp --dport 80 -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -p tcp -d $HTTP_IP --dport 80 \
        -j SNAT --to-source $FIREWAL_INT_IP

Right now, I can access the Internet from within the LAN. The problem is when I try to use the FQDN (www.mydomain.net) to access my webserver. I know that I've hit the exact hurdle as mentioned within the iptables tutorial. But the problem is, I have included the tutorial's suggestion of adding that POSTROUTING rule in.

I had it working before, but the problem I had with it working (*grin*) was that the web server wasn't logging the EXT_IP's IP, but rather my firewall's internal IP. I don't remember how I got it working before, so I'm stuck with a dilemma. Should I allow FQDN references for local users (and having the web server log packets originating from the firewall) or should I disallow FQDN (and having the webserver log the actual IPs)? Is there a way for me to have the best of both worlds?

Now I'm not sure if the last remaining 'rule' given in the DNAT section is the clincher, but since I'm getting an invalid argument (and still am searching for the pom patch for it), I'm not able to use that third rule.

Any help appreciated.

Edmund

--
email: cc@xxxxxxxxxxxxx | "A man who knows not where he goes,
                        | knows not when he arrives."
                        | - Anon

** All information contained in this email is strictly **
** confidential and may be used by the intended recipient **
** only. **
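An added example, not part of the original post: the same three rules with the SNAT match narrowed to LAN sources, so only hairpinned LAN connections are rewritten and Internet clients reach the web server with their real address. LAN_NET and all addresses are constructed placeholders, the script only prints the rules unless IPTABLES is overridden, and logged_source is a hypothetical helper that models which source address the server would log.

```shell
#!/bin/sh
# Added example: hairpin NAT with SNAT restricted to LAN sources.
# All addresses are constructed placeholders; LAN_NET is an assumption.
EXT_IP=203.0.113.10          # public address the FQDN resolves to
HTTP_IP=192.168.1.80         # web server inside the LAN
FIREWAL_INT_IP=192.168.1.1   # firewall's LAN-side address (name as in the post)
LAN_NET=192.168.1.0/24       # assumed LAN subnet

# Dry run by default: rules are printed, not installed.
# Run as root with IPTABLES=/sbin/iptables to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

hairpin_rules() {
    # Anything addressed to the public IP on port 80 goes to the web server.
    $IPTABLES -t nat -A PREROUTING -p tcp -d "$EXT_IP" --dport 80 \
        -j DNAT --to-destination "$HTTP_IP"
    # Forward only web traffic that is destined for the web server.
    $IPTABLES -A FORWARD -p tcp -d "$HTTP_IP" --dport 80 -j ACCEPT
    # Rewrite the source only for LAN clients, so the server's reply returns
    # through the firewall; traffic from the Internet is left untouched.
    $IPTABLES -t nat -A POSTROUTING -p tcp -s "$LAN_NET" -d "$HTTP_IP" \
        --dport 80 -j SNAT --to-source "$FIREWAL_INT_IP"
}

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NET/PREFIX: succeeds when IP lies inside the network.
in_net() {
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Model of the source address the web server logs for a given client.
logged_source() {
    if in_net "$1" "$LAN_NET"; then echo "$FIREWAL_INT_IP"; else echo "$1"; fi
}

hairpin_rules
for client in 198.51.100.7 192.168.1.25; do
    echo "client $client is logged as $(logged_source "$client")"
done
```

LAN clients are still logged under the firewall's internal address with these rules; only Internet clients keep their real source.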