  1. #1

    iptables forwarding question

    I have set up most of my iptables rules without a problem and they all seem to work fine, except one. The one I am having a problem with is forwarding local traffic heading for our external IP address back to an internal server (port 80). Whatever I do, the connection just dies on me. However, when connecting from an external location everything works fine and my request is forwarded to the internal web server. Any ideas?

  2. #2
    If I understand your problem, I would guess you're probably only translating the traffic one way. Here's what I think you're trying to do (with made-up numbers):

    external ip 10.0.0.1
    Lan with ips 192.168.0.0/24
    Web server ip 192.168.0.100
    (web server on your internal network)

    web server resolves to 10.0.0.1 even for inside.

    The rules I would use are:

    iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 10.0.0.1 --destination-port 80 -j DNAT --to-destination 192.168.0.100

    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.100 --destination-port 80 -j SNAT --to-source 10.0.0.1

    I didn't actually test these, but if you got as far as you did you should see what I'm getting at. The packets from the web server need to go back through the gateway rather than directly to the LAN computer, because as far as the LAN computer is concerned it's talking to 10.0.0.1, not 192.168.0.100.

    Hopefully I haven't assumed too much about your setup and this will be of some use.
    Jonathan
    Hostingplex Support

    http://www.hostingplex.com
    Webhosting, VPS, Dedicateds and more.

  3. #3
    Jonathan, you described the problem right. Let me try this out tonight and I will get back to you on how it turned out... Thanks.

  4. #4
    This worked just about flawlessly... I just had to specify TCP as the protocol for it to work. Thanks so much for your help!

  5. #5
    Oops, yeah, you need to specify the protocol any time you specify a port. Serves me right for not even checking the syntax before typing them out.

    Glad to hear you got it working.
    Jonathan
    Hostingplex Support

    http://www.hostingplex.com
    Webhosting, VPS, Dedicateds and more.
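
The two rules from post #2 with the protocol fix from posts #4 and #5, as an added example that is not part of any post in the thread. The function names `lint_rule` and `hairpin_rules` are hypothetical, the addresses are the made-up ones from post #2, and the script only prints the rules so they can be reviewed before being run as root.

```sh
#!/bin/sh
# Added example (not from the thread): build the DNAT + SNAT pair for LAN
# clients that reach an internal server via the gateway's external address,
# and flag rules that match on a port without naming a protocol.

# lint_rule RULE
# Returns 1 when RULE uses a port match but has no -p/--protocol, the
# omission reported in post #4. Returns 0 otherwise.
lint_rule() {
    case " $1 " in
        *" --dport "*|*" --destination-port "*|*" --sport "*|*" --source-port "*)
            case " $1 " in
                *" -p "*|*" --protocol "*) return 0 ;;
                *) return 1 ;;
            esac ;;
    esac
    return 0
}

# hairpin_rules LAN_CIDR EXTERNAL_IP SERVER_IP PORT [PROTO]
# Prints the two rules; PROTO defaults to tcp. Returns 2 on bad input.
hairpin_rules() {
    lan=$1; ext=$2; srv=$3; port=$4; proto=${5:-tcp}
    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    # Rewrite the destination so LAN traffic to the external address
    # reaches the internal server.
    echo "iptables -t nat -A PREROUTING -s $lan -d $ext -p $proto --dport $port -j DNAT --to-destination $srv"
    # Rewrite the source (address taken from post #2) so the server's
    # replies return through the gateway instead of going straight to the client.
    echo "iptables -t nat -A POSTROUTING -s $lan -d $srv -p $proto --dport $port -j SNAT --to-source $ext"
}

# Demo with the made-up addresses from post #2.
hairpin_rules 192.168.0.0/24 10.0.0.1 192.168.0.100 80
```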
