Re: Iptables denies access to web site

On Mon, Oct 20, 2003 at 08:29:41AM -0500, lrnobs wrote:
> >
> >Just so I get it right, I assume since there is only one nic declared in
> >the ruleset that the Dlink is providing NAT for the LAN?
> 
> Jack,
> 
> I think the answer is yes.  The configuration is dsl to dlink router, dlink 
> router to hub.  Internal pcs have 192.168.0.X addresses.  Once things are 
> prepared the dlink router will allow public port 80 to route to internal 
> port 8080 and will point to a specific internal pc, which has one network 
> board and a 192.168.0.X address.

Larry - Try doing "hairpin NAT" on your iptables box. Add the following
rule after your port 80 rule (placement not critical but nice to keep
the webserver stuff together):

$IPTABLES -t nat -A POSTROUTING -p tcp --dport 80 -s 192.168.0.0/24 \
-j MASQUERADE

(Remember that the \ is a line continuation marker so if you can put the
rule all on one line then just delete the \).

What this rule translates to in English is: "change the IP header source
of all packets coming from the LAN and bound for port 80 to that of the
external IP." IOW, your apache httpd.conf will react to the packet as if
it came from outside the firewall even though it didn't and should answer it
accordingly.

-- 
Jack Bowling
mailto: jbinpg@xxxxxxx


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
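
The address rewriting behind the hairpin NAT rule above, as an added Python simulation that is not part of the original message. It assumes a single box performs both the port 80 to 8080 forward and the masquerade; every address and function name in it is constructed for illustration.

```python
from dataclasses import dataclass, replace

# All addresses below are constructed for this example.
PUBLIC = ("203.0.113.5", 80)      # public address:port that clients connect to
SERVER = ("192.168.0.20", 8080)   # internal web server behind the port forward
NAT_LAN_IP = "192.168.0.1"        # LAN address of the box doing NAT (assumed)
CLIENT = ("192.168.0.10", 40000)  # LAN client browsing to the public address

@dataclass(frozen=True)
class Packet:
    src: tuple
    dst: tuple

def nat_forward(pkt, masquerade, table):
    """Request direction on the NAT box: DNAT always, SNAT only with masquerade."""
    out = replace(pkt, dst=SERVER)                 # port forward 80 -> 8080
    if masquerade:
        # MASQUERADE: source becomes the address of the interface the packet leaves on
        out = replace(out, src=(NAT_LAN_IP, pkt.src[1]))
    table[(out.src, out.dst)] = pkt                # conntrack: translated -> original
    return out

def server_reply(pkt):
    """The web server answers whatever source address it saw."""
    return Packet(src=pkt.dst, dst=pkt.src)

def deliver_reply(reply, table):
    """Replies addressed to the NAT box are un-translated; others go straight to the client."""
    if reply.dst[0] == NAT_LAN_IP:
        orig = table[(reply.dst, reply.src)]
        return Packet(src=orig.dst, dst=orig.src)
    return reply                                   # same subnet: bypasses the NAT box

def client_accepts(reply):
    """The client only matches a reply coming from the address it connected to."""
    return reply.src == PUBLIC and reply.dst == CLIENT

def hairpin(masquerade):
    """Run one request/reply and report what the server saw and what the client got."""
    table = {}
    seen_by_server = nat_forward(Packet(src=CLIENT, dst=PUBLIC), masquerade, table)
    reply = deliver_reply(server_reply(seen_by_server), table)
    return seen_by_server, reply, client_accepts(reply)

if __name__ == "__main__":
    for flag in (False, True):
        seen, reply, ok = hairpin(flag)
        print(f"masquerade={flag}: server sees {seen.src}, reply from {reply.src}, accepted={ok}")
```

With the masquerade step on, the web server sees every LAN client as the NAT box's address, so its access logs no longer identify individual internal clients.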
