From: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
To: Jorge Canas <jcanas2000@xxxxxxxxxxx>
On Saturday, 10 February 2007 at 03:45 -0500, Jorge Canas wrote:
> How do I configure the firewall rules on the gw so that the port forwarding
> also occurs when my other local network machines try to go to the website
> via the public domain name?
You have to extend your SNAT rule so those machines get NATed when
trying to reach this webserver using its public IP, otherwise, you'll
get a triangle situation where your webserver sends its SYN/ACK directly
through the LAN with its private IP.
Something like:
iptables -t nat -A POSTROUTING -s $LAN -d $WebServPrivIP \
-j SNAT --to-source $GWPrivIP
BTW, it's a FAQ, but I agree it might be difficult to find relevant
answers in the wild.
Thanks for the reply Cedric. I tried the rule but it did not work. I got a
connection refused message. This is the rule I added:
iptables -A POSTROUTING -s 192.168.123.0/24 -d 192.168.123.164 -j SNAT \
--to-source 192.168.123.161 -t nat
My internal webserver is running at 192.168.123.164
The internal interface of the GW is 192.168.123.161
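The "triangle situation" described in the thread, traced hop by hop as an added example (not code from either poster). It models a LAN client's SYN to the public address with and without the hairpin SNAT rule. The LAN, web server and gateway addresses are the ones quoted above; PUBLIC_IP and CLIENT are constructed placeholders, and the model assumes the gateway's port-forwarding DNAT already matches traffic arriving from the LAN.

```python
import ipaddress

# LAN/server/gateway values are the ones quoted in the thread; PUBLIC_IP and
# CLIENT are constructed placeholders (documentation range / assumed LAN host).
LAN = ipaddress.ip_network("192.168.123.0/24")
SERVER = "192.168.123.164"
GW_LAN = "192.168.123.161"
PUBLIC_IP = "203.0.113.10"
CLIENT = "192.168.123.50"


def connect(client, hairpin_snat):
    """Trace a LAN client's SYN to PUBLIC_IP and the server's SYN/ACK.

    Returns (hops, accepted): hops lists (sender, src, dst) as seen on the wire,
    accepted says whether the client can match the reply to its connection.
    """
    hops = [("client", client, PUBLIC_IP)]           # SYN goes to the gateway
    conntrack = {}                                   # gateway NAT state
    src, dst = client, SERVER                        # PREROUTING: DNAT to the server
    if hairpin_snat and ipaddress.ip_address(src) in LAN:
        src = GW_LAN                                 # POSTROUTING: SNAT to gateway LAN IP
    conntrack[(dst, src)] = (PUBLIC_IP, client)      # how to rewrite the reply
    hops.append(("gateway", src, dst))

    # The server answers whatever source address it saw in the SYN.
    reply_src, reply_dst = SERVER, src
    hops.append(("server", reply_src, reply_dst))
    if reply_dst == GW_LAN:
        # Reply returns to the gateway, which reverses both translations.
        reply_src, reply_dst = conntrack[(SERVER, GW_LAN)]
        hops.append(("gateway", reply_src, reply_dst))
    # else: reply_dst is on-link, so the server delivers it directly and the
    # gateway never gets to rewrite the source back to PUBLIC_IP.

    # The client only accepts a SYN/ACK from the address it sent the SYN to.
    accepted = (reply_src == PUBLIC_IP and reply_dst == client)
    return hops, accepted


if __name__ == "__main__":
    for snat in (False, True):
        hops, ok = connect(CLIENT, snat)
        print(f"hairpin SNAT={snat}: {'established' if ok else 'reply not matched by client'}")
        for who, s, d in hops:
            print(f"  {who:8s} {s} -> {d}")
```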