Re: Altering firewall rules to enable NAT Reflection

On 11/07/08 17:14, Simon wrote:
> Thanks for the replies to date!

You are welcome.

> I had a look through the firewall rules that are created by the web interface and have this in the /etc/firewall/portfw/iptablesportfw file:

<snip>

> Which is close, but not the same as your example above... have I got the right section here?

Without knowing anything about what "... the web interface ..." is, I can't say anything about where you are at.

However, your rules look like they are doing the DNATing (presuming that your "external" IP is 192.168.2.2) properly (presuming that 192.168.1.<something> is your internal IP). However, you are not doing any SNATing to hide the fact that your internal LAN clients are being redirected back to the internal server when they try to reach the external IP.



Grant. . . .
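
An added example, not part of the original thread: a small Python check over iptables-save style rules that flags DNAT targets on the LAN with no matching POSTROUTING SNAT or MASQUERADE rule, which is the gap described in the reply above. The server address 192.168.1.10, port 80, the LAN 192.168.1.0/24 and the firewall's LAN address 192.168.1.1 are assumed values, and the parser handles only plain `option value` pairs (no negation, no address ranges).

```python
import ipaddress
import shlex

# Constructed iptables-save style samples; the addresses and port are assumed.
RULES_DNAT_ONLY = """\
-A PREROUTING -d 192.168.2.2/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
"""
RULES_WITH_SNAT = RULES_DNAT_ONLY + """\
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.1.1
"""

def parse(line):
    """Turn one '-A CHAIN opt val ...' line into a dict of option -> value."""
    tok = shlex.split(line)
    rule = {"chain": tok[1]}
    for opt, val in zip(tok[2::2], tok[3::2]):
        rule[opt] = val
    return rule

def net(rule, opt):
    """Network matched by -s/-d; an absent option matches every address."""
    return ipaddress.ip_network(rule.get(opt, "0.0.0.0/0"), strict=False)

def missing_reflection(ruleset, lan):
    """List DNAT targets inside `lan` that no POSTROUTING source-NAT rule covers."""
    lan = ipaddress.ip_network(lan)
    rules = [parse(l) for l in ruleset.splitlines() if l.startswith("-A ")]
    missing = []
    for r in rules:
        if r["chain"] != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        host, _, port = r["--to-destination"].partition(":")
        port = port or r.get("--dport", "")  # DNAT without a port keeps the original one
        target = ipaddress.ip_address(host)
        if target not in lan:
            continue  # server is off the clients' subnet; replies are routed back via the firewall
        covered = any(
            s["chain"] == "POSTROUTING"
            and s.get("-j") in ("SNAT", "MASQUERADE")
            and lan.subnet_of(net(s, "-s"))      # rule applies to every LAN client
            and target in net(s, "-d")           # ...when talking to the DNAT target
            and s.get("--dport", port) == port   # ...on the forwarded port
            for s in rules
        )
        if not covered:
            missing.append(f"{host}:{port}")
    return missing

if __name__ == "__main__":
    print(missing_reflection(RULES_DNAT_ONLY, "192.168.1.0/24"))
    print(missing_reflection(RULES_WITH_SNAT, "192.168.1.0/24"))
```

Without the POSTROUTING rule the internal server answers the LAN client directly from its own address, and the client, which opened the connection to the external IP, discards the reply.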