Hi again everyone. Sorry for reviving an old topic, but I solved the
problem. Just did a SNAT. Thanks for the help anyway.
-A POSTROUTING -p tcp -m tcp -d 192.168.1.2 --dport 5222 -j SNAT --to-source 192.168.1.1
Brian Austin - Standard Universal wrote:
spend $10.
register a domain.
use split DNS as described below.
:-)
b
Leonardo Carneiro wrote:
Hi Paulo,
Thanks for the tip, I already have an internal DNS, but I don't have an
external one =/
Any other ideas?
paulobruck1 wrote:
On Mon, 2009-03-16 at 16:41 -0300, Leonardo Carneiro wrote:
Hi everyone.
Hi Leonardo
I'm new to the list and hope to have a nice time here.
First of all, sorry about my poor English, I'm from Brazil.
welcome...80)
I've got a standard scenario with a private network
(192.168.1.0/24) being NATted by an internet server (192.168.1.1)
running iptables 1.3.0.
In the private network I have an application server (192.168.1.2)
running a service on port 5222. The port is properly forwarded on the
internet server, and users across the internet can access the
service through the public IP of the internet server.
Users on the private network can access the service through the
private IP of the server, but cannot access it using the public IP.
Accessing it using the public IP would be very useful, since lots of
users have notebooks and they access the service inside and outside
the private network.
These are the interface details and the rules forwarding the port to the
application server:
eth0: public IP
eth1: private network, 192.168.1.1
If you would like your internal users to use this IP, install an internal DNS for
them, and use a DNS for your external IP too. Example:
Internal DNS
aplicationsserver IN A 192.168.1.1
External DNS
applicationserver IN A XXX.XXX.XXX.XXX
(your public IP that is redirected to 192.168.1.1)
That's all...
best regards
iptables -A PREROUTING -p tcp -m tcp -d [private_ip] -i eth0 --dport 5222 -j DNAT --to-destination 192.168.1.2
iptables -A FORWARD -p tcp -m tcp -d 192.168.1.2 -i eth0 -o eth1 --dport 5222 -j ACCEPT
I've done some tests, adding some rules like
iptables -A PREROUTING -p tcp -m tcp -d [private_ip] -i eth1 --dport 5222 -j DNAT --to-destination 192.168.1.2
iptables -A FORWARD -p tcp -m tcp -d 192.168.1.2 -i eth0 -o eth1 --dport 5222 -j ACCEPT
or just
iptables -A PREROUTING -p tcp -m tcp -d [private_ip] -i eth1 --dport 5222 -j DNAT --to-destination 192.168.1.2
but I just cannot connect using the public IP =S
Sometimes the server answers the request, but using the private IP,
not the public IP requested by the host, and sometimes the server
just does not answer the request.
Any ideas how I can solve this?
Thanks in advance.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarneiro@xxxxxxxxxxxxxx <mailto:lscarneiro@xxxxxxxxxxxxxx>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/
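
Why the SNAT rule in this thread fixes the problem, as an added example that is not part of the original messages: a small Python model of the packet path for a LAN client dialing the public IP, with DNAT only and with DNAT plus SNAT. The public address 203.0.113.10 and the client 192.168.1.50 are constructed placeholders, and the router functions are a simplified stand-in for conntrack, not netfilter code.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

PUBLIC_IP = "203.0.113.10"   # constructed placeholder (documentation range)
ROUTER_LAN = "192.168.1.1"   # eth1 address, from the thread
SERVER = "192.168.1.2"       # application server, from the thread
CLIENT = "192.168.1.50"      # constructed LAN client
LAN_PREFIX = "192.168.1."    # 192.168.1.0/24

def router_forward(pkt, snat):
    """PREROUTING DNAT, then optional POSTROUTING SNAT; returns (packet, conntrack entry)."""
    out = pkt
    if pkt.dst == PUBLIC_IP and pkt.dport == 5222:
        out = out._replace(dst=SERVER)                 # DNAT --to-destination
    if snat and out.dst == SERVER and out.dport == 5222:
        out = out._replace(src=ROUTER_LAN)             # SNAT --to-source
    return out, (pkt, out)

def router_reverse(reply, entry):
    """Conntrack undoes both translations for a reply that matches the entry."""
    orig, xlat = entry
    assert (reply.src, reply.dst) == (xlat.dst, xlat.src)
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def hairpin(snat):
    """Return the packet the client receives and whether its TCP stack accepts it."""
    syn = Packet(CLIENT, 40000, PUBLIC_IP, 5222)
    fwd, entry = router_forward(syn, snat)
    # The server answers whichever source address it saw on the request.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if reply.dst.startswith(LAN_PREFIX) and reply.dst != ROUTER_LAN:
        seen = reply                       # same subnet: delivered directly, router bypassed
    else:
        seen = router_reverse(reply, entry)
    # The client's socket only accepts a reply from the address it dialed.
    expected = (syn.dst, syn.dport, syn.src, syn.sport)
    return seen, tuple(seen) == expected

if __name__ == "__main__":
    for snat in (False, True):
        seen, ok = hairpin(snat)
        print(f"SNAT={snat}: client sees reply from {seen.src}:{seen.sport}, accepted={ok}")
```

With the SNAT rule in place the application server sees every hairpinned connection as coming from 192.168.1.1, so its logs and any per-IP access controls no longer distinguish internal clients.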