Help.
Jason Pappas
jpappas@sharemedia.com
Wed, 31 Oct 2001 15:48:20 -0500
----- Original Message -----
From: "Christoph Simon" <ciccio@kiosknet.com.br>
To: "Jason Pappas" <jpappas@sharemedia.com>
Cc: <dan@fullmotionsolutions.com>; <netfilter@lists.samba.org>
Sent: Wednesday, October 31, 2001 3:54 PM
Subject: Re: Help.
> On Wed, 31 Oct 2001 15:22:02 -0500
> "Jason Pappas" <jpappas@sharemedia.com> wrote:
>
> > Question: Do you have 2 machines that will be answering web (port 80)
> > requests? Your firewall and 192.168.56?
> > ---- Original Message -----
> > From: "Danny Brow" <dan@fullmotionsolutions.com>
> > To: <netfilter@lists.samba.org>
> > Sent: Wednesday, October 31, 2001 3:05 PM
> > Subject: Help.
> >
> >
> > > I did some reading on DNAT and SNAT, but I am unsure of how to have my
> > > local IP address be seen on the internet. I better explain a little. I
> > > have mydomain.com on an internet IP address, we will just say it is
> > > 29.89.2.8. It is running most of our Internet apps, i.e. web and ftp.
> > > So it needs to serve port 80 requests to the Internet. Our internal
> > > network is running 192.168.0.? and we have another web server running
> > > on 192.168.0.56, we can access it fine from inside our network. But we
> > > need to be able to access it from the outside world. In our DNS zone
> > > files its name is clients.mydomain.com. So I guess my question is how
> > > can I have my firewall serve the Internet web pages from my internal
> > > systems? And still have my main site running on the firewall/web
> > > server.
>
> I'm also unsure whether I have understood your question. But if there is
> one firewall, and you want to pass port 80 tcp requests to an internal
> host, DNAT is actually what you want. Essentially,
>
> iptables -t nat -A PREROUTING -d 29.89.2.8 -p tcp --dport 80 \
> -j DNAT --to 192.168.0.56
This would work; however, he has a webserver running on his firewall as well
as this internal host. He still needs to answer port 80 on his firewall ...
However, he also has to make a website on his internal network available as
well.
>
> would do the trick. If your default policy is DROP, you'll also need
> to set an ACCEPT target in table filter/FORWARD and nat/POSTROUTING.
>
> HTH
>
> --
> Christoph Simon
> ciccio@kiosknet.com.br
> ---
> ^X^C
> q
> quit
> :q
> ^C
> end
> x
> exit
> ZZ
> ^D
> ?
> help
> .
>
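
Added example, not part of the original thread: a dry-run generator for the rule set Christoph describes (DNAT in nat/PREROUTING plus the ACCEPT rules needed under a DROP policy), with a guard for the conflict Jason raises. The public port 8080, the `LOCAL_PORTS` list and the `dnat_rules` helper are assumptions for illustration; a packet filter can only tell the two web servers apart by IP address or port.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for forwarding one public
# TCP port to an internal web server. Addresses come from the thread; the
# alternate port and helper name are assumptions.

# Ports the firewall's own daemons answer on (assumed: its local web server).
LOCAL_PORTS="80"

# dnat_rules PUBLIC_IP PUBLIC_PORT INTERNAL_IP INTERNAL_PORT
# Returns 1 and prints no rules if PUBLIC_PORT is served by the firewall
# itself: a PREROUTING DNAT on that port would divert every request away
# from the local server before it is ever delivered.
dnat_rules() {
    pub_ip=$1; pub_port=$2; int_ip=$3; int_port=$4
    for p in $LOCAL_PORTS; do
        if [ "$p" = "$pub_port" ]; then
            echo "port $pub_port is served by the firewall itself" >&2
            return 1
        fi
    done
    cat <<EOF
iptables -t nat -A PREROUTING -d $pub_ip -p tcp --dport $pub_port -j DNAT --to-destination $int_ip:$int_port
iptables -A FORWARD -d $int_ip -p tcp --dport $int_port -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $int_ip -p tcp --sport $int_port -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -d $int_ip -p tcp --dport $int_port -j ACCEPT
EOF
}

# Constructed sample: public 8080 -> 192.168.0.56:80 (8080 is an assumed port).
dnat_rules 29.89.2.8 8080 192.168.0.56 80
# Port 80 itself collides with the firewall's web server and is refused.
dnat_rules 29.89.2.8 80 192.168.0.56 80 || true
```

The FORWARD rules match the post-DNAT destination, because PREROUTING rewrites the address before the filter table sees the packet.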