locally access server behind firewall

Tom tom at tomdp.com
Wed Sep 1 20:11:35 CEST 2004

John A. Sullivan III wrote:

>If I understand you correctly, you are trying to connect to the web
>server on the internal network from devices on the internal network. 
>That means the packets never pass through the firewall.  In that case,
>no additional rules will help you.
Well, I try to connect from a machine on the internal network, but I 
don't use the internal IP address of the server. I try to connect using 
the external address, which is the public ip address of the firewall. So 
I thought the packets would pass the firewall..?

>You could force the traffic to pass through the firewall by placing the
>web server on a physical DMZ (highly preferable if this web server
>allows public access as it appears to - if someone cracks it, they will
>be on your internal network) or on a logical DMZ.  To create a logical
>DMZ, simply bind a second address for a separate subnet to the internal
>interface of the firewall and change the web server internal address to
>an address on that new subnet.
That's maybe a good idea... Will try that when I have some more time. 
But for the time being, I want to be able to connect to my webserver as 
if it were somewhere else on the internet...

>However, I would think the easiest thing to do is configure Apache to
>answer on port 8888.  Hope this helps - John
Then I still need the prerouting-rule, but it will only alter the 
destination address and not the port anymore. Would that help you think?


More information about the netfilter mailing list