I have a Linux firewall/NAT host on my network port forwarding specific ports such as port 80 to a host within the LAN. This works fine when I’m connecting from outside of the LAN. What do I have to do with iptables so I can access these things from within the LAN without having to do something like fake dns so it uses internal IPs to access these hosts and ports?

Current ruleset looks like this:

Chain INPUT (policy ACCEPT)
target        prot opt source               destination
LOG_AND_DROP  all  --  43.229.53.68         0.0.0.0/0
LOG_AND_DROP  all  --  46.148.18.162        0.0.0.0/0
LOG_AND_DROP  all  --  159.226.35.207       0.0.0.0/0
LOG_AND_DROP  all  --  111.224.46.7         0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target        prot opt source               destination
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT        tcp  --  0.0.0.0/0            192.168.10.10        tcp dpt:80 state NEW,RELATED,ESTABLISHED
ACCEPT        tcp  --  0.0.0.0/0            192.168.10.10        tcp dpt:443 state NEW,RELATED,ESTABLISHED
ACCEPT        tcp  --  0.0.0.0/0            192.168.10.10        tcp dpt:25 state NEW,RELATED,ESTABLISHED
ACCEPT        tcp  --  0.0.0.0/0            192.168.10.10        tcp dpt:587 state NEW,RELATED,ESTABLISHED
ACCEPT        tcp  --  0.0.0.0/0            192.168.10.10        tcp dpt:143 state NEW,RELATED,ESTABLISHED
ACCEPT        tcp  --  0.0.0.0/0            192.168.10.10        tcp dpt:993 state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target        prot opt source               destination

Chain LOG_AND_DROP (4 references)
target        prot opt source               destination
LOG           all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix `HOST DENIED: '
DROP          all  --  0.0.0.0/0            0.0.0.0/0

Trying to connect to port 80 on the external IP from within the lan results in this:

telnet www.blah.com 80
Trying 111.114.34.128...
telnet: connect to address 111.114.34.128.: Connection refused
telnet: Unable to connect to remote host

Thank you for any help.

-jeremy