web server in DMZ

hamals at infinito.it hamals at infinito.it
Tue Sep 28 16:44:36 CEST 2004


On Tue, 28 Sep 2004 10:17:29 -0400
  Jason Opperisano <opie at 817west.com> wrote:

> 
> are you asking how to connect to the web server from the 
>inside by its
> public IP address?

yes

>if so, you just need another DNAT 
>rule, probably:
> 
>  iptables -t nat -A PREROUTING -i $INSIDE_IF -p tcp -d 
>$WWW_PUB_IP \
>    --dport 80 -j DNAT --to-destination 192.168.1.10
> 
> -j
> 
> -- 
> Jason Opperisano <opie at 817west.com>
> 
> 

well I think this is a very good solution, but I can't 
understand the following:

hosts in my LAN go in internet with a snat using x.x.x.50 
ip address, and everythings is working; my web server is 
accessible from outside, then why my inside hosts can't 
access to him (with x.x.x.50 IP)? my hosts should see my 
web server like any web server on the net....right?
what is wrong in this concept?



_______________________________________
Connessione ed e-mail gratuita da 10 mb
consultabile tramite web e tramite pop.
www.infinito.it vieni a scoprire tutti 
i nostri servizi!

http://www.infinito.it/xmail




More information about the netfilter mailing list