This has been requested many times in the past. You have to remember that your
DNAT rule only applies to outsiders; you must DNAT the inside users as well,
and, as you do with them when they browse outside websites, you have to
MASQUERADE them to your internal one as well.
Thanks, George Vieira Citadel Computer Systems Pty Ltd
-----Original Message-----
From: Anthony R. Vallario [mailto:avallario@xxxxxxxxxxxxxx]
Sent: Monday, August 18, 2003 9:06 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: IPTABLES Difficulties

To whom it may concern;
I have an iptables NAT box set up on Redhat 9.0. I recently added a box behind
the firewall that will act as a web server. I didn't want to do a DMZ as money
is tight. I used the following rules to get all outside requests on port 80 to
the web server inside:

    -A PREROUTING -p tcp -i eth0 -d $publicip --dport 80 -j DNAT --to-destination $internalip
    -A PREROUTING -p tcp -i eth0 -d $publicip --dport 443 -j DNAT --to-destination $internalip

My only problem is that when somebody behind the firewall wants to access this
web server, it doesn't work. I don't want to have to type in the internal IP. I
don't want to install an internal DNS server. I would like my workstations to be
able to type in the FQDN for the web server and have it actually work. If NAT
works, why doesn't it go out the firewall and turn right back around and go to
the web server?
Anthony R. Vallario
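For reference, here is a complete set of hairpin NAT ("NAT loopback") rules that does what George describes: DNAT the inside users as well as the outsiders, then MASQUERADE the hairpinned connections. This is an added example, not code from either poster. The interface names (eth0 = Internet side, eth1 = LAN side), the addresses and the LAN subnet are assumptions chosen as placeholders; substitute your own.

```shell
#!/bin/sh
# Hairpin ("NAT loopback") rules for the setup in this thread.
# Assumptions, not taken from the posts: eth0 faces the Internet, eth1 faces the
# LAN, and the addresses below are placeholders (RFC 5737 / RFC 1918 space).
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}
WEB_IP=${WEB_IP:-192.168.1.80}
LAN_NET=${LAN_NET:-192.168.1.0/24}
EXT_IF=${EXT_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
PORTS="80 443"

# IPT is the command used to load each rule; set IPT=echo for a dry run.
IPT=${IPT:-iptables}

hairpin_rules() {
    for port in $PORTS; do
        # 1. Outsiders: the same DNAT as in the original post.
        $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$PUBLIC_IP" --dport "$port" \
            -j DNAT --to-destination "$WEB_IP"

        # 2. Insiders connecting to the public address must be DNATed too; the
        #    original rule never matches them because of "-i eth0".
        $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp -d "$PUBLIC_IP" --dport "$port" \
            -j DNAT --to-destination "$WEB_IP"

        # 3. MASQUERADE those hairpinned connections so the web server answers
        #    the firewall, which reverses the DNAT on the way back, instead of
        #    replying to the client directly from WEB_IP: the client expects a
        #    SYN-ACK from PUBLIC_IP and would discard one from WEB_IP.
        $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$WEB_IP" -p tcp --dport "$port" \
            -j MASQUERADE

        # 4. Let the forwarded traffic through: both legs use the LAN interface.
        $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -d "$WEB_IP" -p tcp --dport "$port" \
            -j ACCEPT
    done
}

# Dry run: print the rules instead of loading them (needs no root).
print_hairpin_rules() { ( IPT=echo; hairpin_rules ); }

# Usage: "print_hairpin_rules" to review the rules, then "hairpin_rules" as
# root to load them.
```

One caveat worth knowing before choosing this over the internal DNS server Anthony wants to avoid: because of the MASQUERADE in step 3, every LAN client shows up in the web server's logs as the firewall's LAN address, so per-client logging and any IP-based access control on the web server stop working for inside users. Split DNS (resolving the FQDN to the internal address on the LAN) keeps the real client addresses but was ruled out in the original post.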