On Mon, Jan 27, 2014 at 1:22 PM, Scott Mayo <scotgmayo@xxxxxxxxx> wrote:
> I am having some troubles getting my public IPs routed to my private IPs.
>
> Here is an example.
> Private IP of the main server with my IPTables: 192.168.0.1
> Public IP of the main server: 1.1.1.1
> I also have 1.1.1.2 and 1.1.1.3 as public IPs attached to the public nic.
> Domain name example.org is pointed to 1.1.1.2
>
> I am trying to get the following public IPs to Private IPs:
> 1.1.1.2 -> 192.168.0.2
> 1.1.1.3 -> 192.168.0.3
>
> If I am outside my network and go to example.org, it seems to work fine.
> If I am inside my network and go to 192.168.0.2 then it works fine.
> If I go to example.org from inside my network then it goes back to
> 192.168.0.1 instead of 192.168.0.2
>
> Maybe this does not have to do with IPTables even since it works with
> an IP, but I thought I would ask here. I do not have an internal DNS
> server.
>
> Here are the rules that I have:
>
> IPTABLES -t nat -A PREROUTING -d 1.1.1.2 -p tcp -j DNAT
> --to-destination 192.168.0.2
> IPTABLES -t nat -A POSTROUTING -d 192.168.0.2 -j SNAT --to-destination 1.1.1.2
>
> Any suggestions would be appreciated.
> Thanks.

I ended up finishing my setup on my new filter server. I had not messed with this problem and wanted to wait until I got it into place. I am back to it now. I appreciate the suggestions so far. I am getting ready to set up an internal DNS server, but until I do, I would like to get the IPTABLES working.

Here are the IPTABLE rules that I have in place:

$IPTABLES -t nat -A PREROUTING -d 1.1.1.2 -p tcp -j DNAT --to-destination 192.168.0.2
$IPTABLES -t nat -A POSTROUTING -d 192.168.0.2 -s 192.168.0.0/16 -j SNAT --to-source 1.1.1.2
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 1.1.1.1

Here is a quick breakdown:

ifcfg-eth0 = 1.1.1.1 #public IP of the main Squid/IPTABLES box
ifcfg-eth0:0 = 1.1.1.2 #Virtual IP which I want to forward on to the other webserver box: example.org
example.org resolves to 1.1.1.2 fine
ifcfg-eth1 = 192.168.1.1 #private IP of the main Squid/IPTABLES box
192.168.1.2 #Is the private IP that I want to forward on to the other webserver box: example.org

My IPTABLES are on my Squid box. I have just played some more and found that if I take the proxy settings out of my browser and type in example.org in the URL, it works fine. If I leave the proxy settings in and type in example.org then it comes back to the main Squid box address of 192.168.1.1.

Any idea why that would matter? I do drop port 80 and port 3128 so that the proxy cannot be gone around. For testing purposes though, I took those two drops out and it is still doing it.

I'll get a copy of my IPTABLE rules and post also. Just thought I would post this first and see if someone had an idea of what I might be looking for.

--
Scott Mayo
Mayo's Pioneer Seeds
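
Added example, not part of the original message: a small Python model of which nat chain netfilter applies to a connection, using the addresses from the post. It shows one explanation consistent with the symptom: connections opened by Squid are locally generated, so they traverse the nat OUTPUT chain rather than PREROUTING and the posted DNAT rule never matches. The OUTPUT rule in the model is an assumed addition, not something the poster reported using.

```python
# Added example: toy model of which nat chain sees a TCP connection.
# Addresses come from the post; OUTPUT_RULE is an assumed addition.
LOCAL_ADDRS = {"1.1.1.1", "1.1.1.2", "192.168.1.1"}  # addresses on the Squid/iptables box

# (chain, destination to match, DNAT target) as posted in the message
POSTED_RULES = [("PREROUTING", "1.1.1.2", "192.168.0.2")]

# Assumed extra rule: the same DNAT placed in OUTPUT for locally generated traffic
OUTPUT_RULE = ("OUTPUT", "1.1.1.2", "192.168.0.2")


def dnat_chain(origin):
    """Return the nat chain that can rewrite the destination.

    Packets arriving on an interface traverse PREROUTING; packets created
    by a process on the box itself (Squid here) traverse OUTPUT instead.
    """
    if origin == "network":
        return "PREROUTING"
    if origin == "local":
        return "OUTPUT"
    raise ValueError(f"unknown origin: {origin!r}")


def route(origin, dst, rules):
    """Apply the first matching DNAT rule, then decide who receives the packet."""
    chain = dnat_chain(origin)
    for rule_chain, match_dst, target in rules:
        if rule_chain == chain and match_dst == dst:
            dst = target
            break
    receiver = "this box" if dst in LOCAL_ADDRS else "sent on to " + dst
    return chain, receiver


def explain(rules):
    """Evaluate the two situations described in the message."""
    cases = {
        "browser without proxy": ("network", "1.1.1.2"),
        "Squid fetching for a proxied browser": ("local", "1.1.1.2"),
    }
    return {name: route(origin, dst, rules) for name, (origin, dst) in cases.items()}


if __name__ == "__main__":
    for label, rules in (("posted rules", POSTED_RULES),
                         ("with OUTPUT rule", POSTED_RULES + [OUTPUT_RULE])):
        print(label)
        for name, (chain, receiver) in explain(rules).items():
            print(f"  {name}: nat {chain} -> {receiver}")
```

The real-rule equivalent of `OUTPUT_RULE` would be the posted PREROUTING DNAT rule with `-A OUTPUT` in place of `-A PREROUTING`.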