Re: Rerouting remote users to VPN channel


 



Matt Barclay:
Yes, you need SNAT and DNAT rules. Something like this ought to work:

Thank you, Matt, for answering.

iptables -t mangle -A PREROUTING -d <yourPublicIP> -p tcp --dport 80 -j MARK --set-mark 80
iptables -t nat -A PREROUTING -m mark --mark 80 -j DNAT --to 192.168.30.9
iptables -A FORWARD -m mark --mark 80 -j ACCEPT
iptables -t nat -A POSTROUTING -m mark --mark 80 -j SNAT --to <firewallPrivateIP>

Yes, I set up something like this a few hours ago, and it worked. But, unfortunately, the Intranet Web application uses absolute private IP addresses, so that can't work. The application starts, but when a user clicks on some option, the connection hangs trying to open http://192.168.30.9/.... :-( I can't change the third-party Web app.

I don't see any other solution but setting up a VPN so users have private routable IP addresses.

Thanks anyway.

GI
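
The failure described in this message (DNAT forwards the packets, but the pages themselves link to http://192.168.30.9/...) can be checked for before an internal server is published through a port forward. The following Python script is an added example, not part of the original thread: it scans a response for absolute URLs whose host is an RFC 1918 address. The sample response and its paths are constructed; only the address 192.168.30.9 comes from the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1918 ranges: unreachable for a client that only sees the firewall's public IP.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Any absolute http(s) URL, wherever it appears (href, src, action, Location header).
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

# Constructed sample: what the intranet server might return to a DNAT'ed client.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html

<html><body>
<a href="/menu.php">Menu</a>
<a href="http://192.168.30.9/reports/list.php?y=2005">Reports</a>
<form action="http://192.168.30.9/login.php" method="post"></form>
<img src="http://www.example.com/logo.png">
<a href="http://192.168.30.9/reports/list.php?y=2005">Reports again</a>
</body></html>
"""

def private_url_refs(response_text):
    """Return the distinct absolute URLs that point at an RFC 1918 IP literal."""
    hits = []
    for url in URL_RE.findall(response_text):
        try:
            host = urlsplit(url).hostname
            addr = ipaddress.ip_address(host)
        except (ValueError, TypeError):
            continue  # malformed URL, or a DNS name rather than an IP literal
        if addr.version == 4 and any(addr in net for net in RFC1918) and url not in hits:
            hits.append(url)
    return hits

if __name__ == "__main__":
    refs = private_url_refs(SAMPLE_RESPONSE)
    for url in refs:
        print("private absolute link:", url)
    print("port forwarding alone will break this app" if refs else "no private absolute links found")
```

Relative links such as /menu.php survive the port forward because the browser resolves them against the public address; every URL this reports is one an outside client will try to open directly and fail to reach.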

