Re: Public IP to Private IP

That seems very strange.

Is the server hosted on the same system as the NAT box?
Did you flush the conntrack table or wait for timeouts after making the change?

On Mon, Jan 27, 2014 at 4:01 PM, Scott Mayo <scotgmayo@xxxxxxxxx> wrote:
> On Mon, Jan 27, 2014 at 2:48 PM, Ray Soucy <rps@xxxxxxxxx> wrote:
>> The term you're looking for is "NAT reflection" or "hairpin NAT".
>>
>> If you're not running split DNS, then trying to reach a system via its
>> "outside" IP from an internal system will present a problem because
>> the source IP of the request is seen as on-link by the server, so the
>> server responds directly from an unexpected source IP and the
>> requesting host drops the request.
>>
>> You can get around this issue by NATing the return traffic when it's to
>> and from the internal network.
>>
>> Assuming that your inside interface is eth1, and your inside IP
>> network is 192.168.0.0/23:
>>
>> iptables -t nat -A POSTROUTING -s 192.168.0.0/23 -d 192.168.0.0/23 -o eth1 -j MASQUERADE
>>
>
> That did not seem to work either.  Getting the same results.  Thanks.
>
>
>> Split DNS, however, is a better approach, if you can do it (using
>> views in BIND).
>
>
> Yes, if I can get time to set up a Bind server. I just need some more time.
>
> --
> Scott Mayo
> Mayo's Pioneer Seeds   PH: 573-568-3235   CE: 573-614-2138
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net
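
The hairpin problem described in the quoted text, traced packet by packet as an added example (not part of the original thread). Only 192.168.0.0/23 comes from the thread; the public, router, server and client addresses are assumptions, and the model also covers an outside client to show why that case never needed the extra rule.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/23")  # inside network from the thread
PUBLIC_IP = "203.0.113.5"      # assumed outside address (documentation range)
ROUTER_LAN_IP = "192.168.0.1"  # assumed address of the router's eth1
SERVER = "192.168.1.20"        # assumed internal server behind the DNAT
CLIENT = "192.168.0.10"        # assumed internal client


def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN


def trace(client, hairpin_snat):
    """Follow one request to PUBLIC_IP and its reply.

    Returns (accepted, reply_src): whether the client accepts the reply and
    the source address the client sees on it.
    """
    # PREROUTING: DNAT rewrites the destination; conntrack keeps the original.
    original = {"src": client, "dst": PUBLIC_IP}
    src, dst = client, SERVER

    # POSTROUTING: the rule from the thread matches LAN -> LAN traffic only.
    if hairpin_snat and in_lan(src) and in_lan(dst):
        src = ROUTER_LAN_IP

    # The server answers whatever source address it saw.
    reply_src, reply_dst = SERVER, src

    # The reply crosses the router if it is addressed to the router itself or
    # to an off-link host (default route). Only then can conntrack undo NAT.
    if reply_dst == ROUTER_LAN_IP or not in_lan(reply_dst):
        reply_src, reply_dst = original["dst"], original["src"]

    # The client only accepts a reply from the address it connected to.
    accepted = reply_dst == client and reply_src == PUBLIC_IP
    return accepted, reply_src


if __name__ == "__main__":
    for label, client, snat in [
        ("internal client, no hairpin rule", CLIENT, False),
        ("internal client, hairpin rule", CLIENT, True),
        ("outside client, no hairpin rule", "198.51.100.7", False),
    ]:
        print(label, trace(client, snat))
```
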