Using External NATTED addresses Inside the Firewall

I've got an external interface eth1 with IPs x.x.x.128/25
I have an internal interface eth0 with IPs 192.168.123.0/24

I have some 1:1 NAT rules active

-A PREROUTING -d x.x.x.250 -p tcp -j DNAT --to-destination 192.168.123.252
-A PREROUTING -d x.x.x.160 -p tcp -j DNAT --to-destination 192.168.123.75
-A PREROUTING -d x.x.x.199 -p tcp -j DNAT --to-destination 192.168.123.31

and the corresponding POSTROUTING entries

-A POSTROUTING -s 192.168.123.252 -o eth1 -p tcp -j SNAT --to-source x.x.x.250
-A POSTROUTING -s 192.168.123.75 -o eth1  -p tcp -j SNAT --to-source x.x.x.160
-A POSTROUTING -s 192.168.123.31 -o eth1  -p tcp -j SNAT --to-source x.x.x.199

and the FORWARD entries

-A FORWARD -d 192.168.123.31 -p tcp -j ACCEPT
-A FORWARD -d 192.168.123.31 -p udp -j ACCEPT
-A FORWARD -d 192.168.123.252 -p tcp -m multiport --dport 80,3000,143,3389 -j ACCEPT
-A FORWARD -d 192.168.123.252 -p udp -m multiport --dport 80,3000,143,3389 -j ACCEPT
-A FORWARD -d 192.168.123.75 -p tcp -j ACCEPT
-A FORWARD -d 192.168.123.75 -p udp -j ACCEPT


What I need to happen is when a user on an internal 192.168.123.x address tries to pull up
a web page or check mail or anything off of one of the three 1:1 NAT'd boxes, they can by using the
real x.x.x.250, .199, or .160 addresses and/or the boxes' hostnames. Another DNS server for just
internal use isn't possible right now. I need an iptables rule (probably OUTPUT) that redirects
the x.x.x.whatever address back to the internal address if it's one of the three and if it's
coming from the inside.


TIA
-Dave



David G. O'Brien
Web Services Coordinator / Systems Administrator

NACCRRA
The Nation's Network of Child Care Resource & Referral
1319 F Street NW, Suite 500
Washington, DC 20004
(202) 393-5501 ext. 113
(202) 393-1109 fax
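The setup above is the classic hairpin (NAT loopback) case. The following script is an added example, not part of Dave's post or any reply to it: it generates the three rules each mapping needs when an inside client talks to the public address. It assumes the firewall's own eth0 address is 192.168.123.1 and substitutes the documentation prefix 203.0.113 for the elided x.x.x; both are placeholders.

```sh
#!/bin/sh
# Hairpin (NAT-loopback) rules for the 1:1 mappings in the post.
# Assumptions (not from the post): firewall eth0 address is 192.168.123.1,
# and 203.0.113 stands in for the undisclosed x.x.x prefix.
FW_INT_IP="${FW_INT_IP:-192.168.123.1}"
LAN="192.168.123.0/24"
IPT="${IPT:-echo iptables}"   # set IPT=iptables to apply instead of printing

# hairpin_rules EXT_IP INT_IP
# Emits what an inside client needs to reach INT_IP via EXT_IP:
#  1. DNAT for packets arriving on eth0 (nat OUTPUT never sees them: OUTPUT
#     only handles packets the firewall itself generates, so this belongs
#     in PREROUTING; the post's -i-less PREROUTING rules already match here,
#     this one just makes the inside leg explicit).
#  2. SNAT on eth0 so the server's reply goes back through the firewall.
#     Without it the server answers the client directly from INT_IP, and the
#     client drops the reply because it expects one from EXT_IP.
#  3. FORWARD accept for the eth0 -> eth0 leg (the post's rules have no -o,
#     so they already allow it; restate it if the chain is tightened later).
hairpin_rules() {
    ext="$1"; int="$2"
    $IPT -t nat -A PREROUTING -i eth0 -s "$LAN" -d "$ext" -p tcp -j DNAT --to-destination "$int"
    $IPT -t nat -A POSTROUTING -o eth0 -s "$LAN" -d "$int" -p tcp -j SNAT --to-source "$FW_INT_IP"
    $IPT -A FORWARD -i eth0 -o eth0 -s "$LAN" -d "$int" -p tcp -j ACCEPT
}

# The three mappings from the post, with the placeholder public prefix.
apply_all() {
    hairpin_rules 203.0.113.250 192.168.123.252
    hairpin_rules 203.0.113.160 192.168.123.75
    hairpin_rules 203.0.113.199 192.168.123.31
}

apply_all
```

Run as-is it only prints the commands for review; `IPT=iptables sh hairpin.sh` installs them. The SNAT costs the server the real client address in its logs, which is the usual trade-off of hairpin NAT versus split-horizon DNS.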
