Wed, 31 Oct 2001 15:48:20 -0500
----- Original Message -----
From: "Christoph Simon" <email@example.com>
To: "Jason Pappas" <firstname.lastname@example.org>
Cc: <email@example.com>; <firstname.lastname@example.org>
Sent: Wednesday, October 31, 2001 3:54 PM
Subject: Re: Help.
> On Wed, 31 Oct 2001 15:22:02 -0500
> "Jason Pappas" <email@example.com> wrote:
> > Question: Do you have 2 machines that will be answering web (port 80)
> > requests? your firewall and 192.168.56?
> > ---- Original Message -----
> > From: "Danny Brow" <firstname.lastname@example.org>
> > To: <email@example.com>
> > Sent: Wednesday, October 31, 2001 3:05 PM
> > Subject: Help.
> > > I did some reading on DNAT and SNAT, but I am unsure of how to have my
> > local
> > > IP address be seen on the internet. I better explain a little. I
> > > mydomain.com on a internet ip address, we will just say it is
> > It is
> > > running most of our Internet apps, i.e. web and ftp. So it needs to
> > server
> > > port 80 request to the Internet. Our Internal network is running
> > 192.168.0.?
> > > and we have another web server running on 192.168.0.56, we can access
> > fine
> > > from inside our network. But we need to be able to access it from the
> > > side world. In our DNS zone files it's name is clients.mydomain.com.
> > > guess my question is how can I have my firewall serve the Internet web
> > pages
> > > from my internal systems? and Still have my main site running on the
> > > firewall/web server.
> I'm also unsure to have understood your question. But if there is one
> firewall, and you want to pass port 80 tcp requests to an internal
> host, DNAT is actually, what you want. Essentially,
> iptables -t nat -A PREROUTING -d 22.214.171.124 -p tcp --dport 80 \
> -j DNAT --to 192.168.0.56
This would work,, however he has a webserver running on his firewall as well
as this internal host. He still needs to answer port 80 on his firewall ...
However, he also has to make a website on his internal network available as
> would do the trick. If your default policy is DROP, you'll also need
> to set an ACCEPT target in table filter/FORWARD and nat/POSTROUTING.
> Christoph Simon