On Fri, 2003-10-10 at 06:45, JM wrote:
> I want to access the http server on "remote server x" from LAN.. without going through the internet..
> so what I did is set up DNAT on "remote server A" but somehow it's not working..
>
> this is my ruleset..
>
> NAT
> -A PREROUTING -d serverA_IP -p tcp -m tcp --sport 1024:65535 --dport 81 -j DNAT --to-destination serverx_IP:80
>
> FILTER
> -A INPUT -p tcp -s LAN_IP/24 --sport 1024:65535 -d serverA_IP --dport 81 -j LOG --log-prefix "INPUT packets:"
> -A FORWARD -d serverx_IP -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
> -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"
>
So how does it not work? What error messages do you see?
Did you enable routing on server_A?
You probably want an SNAT rule too, because otherwise server_X will try to answer directly to the LAN. That might create problems doing conntrack on server_A and your firewall protecting the LAN.

Cheers,

Ralf

-- 
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
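The ruleset Ralf is describing (DNAT paired with an SNAT in POSTROUTING so server_X answers via server_A, plus the routing check), written out as an added example that is not part of the original thread. LAN_NET, SERVER_A_IP and SERVER_X_IP are constructed placeholder values; check_hairpin_ruleset is a hypothetical helper that flags any DNAT target lacking a matching SNAT/MASQUERADE rule in an iptables-save dump.

```shell
#!/bin/sh
# Added example, not from the thread. Values below are constructed placeholders.
LAN_NET="${LAN_NET:-192.168.1.0/24}"       # LAN behind server A
SERVER_A_IP="${SERVER_A_IP:-192.168.1.1}"  # server A's address used as SNAT source
SERVER_X_IP="${SERVER_X_IP:-10.0.0.80}"    # the real HTTP server (server X)

# Routing must be on for server A to forward at all:
#   sysctl -w net.ipv4.ip_forward=1

# Emit a complete "hairpin" ruleset in iptables-restore format.
# The DNAT is restricted to LAN sources so port 81 is not a redirect reachable
# from elsewhere; the SNAT rewrites the client source so server X replies to
# server A (which holds the conntrack entry) instead of straight to the LAN.
hairpin_nat_rules() {
  cat <<EOF
*nat
-A PREROUTING -s $LAN_NET -d $SERVER_A_IP -p tcp --dport 81 -j DNAT --to-destination $SERVER_X_IP:80
-A POSTROUTING -s $LAN_NET -d $SERVER_X_IP -p tcp --dport 80 -j SNAT --to-source $SERVER_A_IP
COMMIT
*filter
-A FORWARD -s $LAN_NET -d $SERVER_X_IP -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix "FORWARD dropped: "
-A FORWARD -j DROP
COMMIT
EOF
}

# Sanity check for an iptables-save/-restore dump on stdin (hypothetical helper):
# every --to-destination host must also appear in a POSTROUTING SNAT/MASQUERADE
# rule, otherwise its replies bypass the NAT box. Returns 1 on the first miss.
check_hairpin_ruleset() {
  dump=$(cat)
  targets=$(printf '%s\n' "$dump" | sed -n 's/.*--to-destination \([0-9.]*\).*/\1/p' | sort -u)
  [ -n "$targets" ] || { echo "no DNAT rules found"; return 1; }
  for t in $targets; do
    printf '%s\n' "$dump" | grep -Eq -- "-A POSTROUTING .*-d $t( |/[0-9]+ ).*-j (SNAT|MASQUERADE)" || {
      echo "DNAT to $t has no matching SNAT/MASQUERADE in POSTROUTING"; return 1; }
  done
  return 0
}

# Stand-alone use: verify, then print the ruleset (review before iptables-restore).
hairpin_nat_rules | check_hairpin_ruleset && hairpin_nat_rules
```

The same check can be run against a live box with `iptables-save | check_hairpin_ruleset` to catch exactly the DNAT-without-SNAT situation in JM's original rules.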