static 1:1 nat did not work
Guenter.Sprakties at team4.de
Fri Jun 24 08:26:42 CEST 2005
Hello,
Because I didn't get iptables NAT to work, I switched back to an old 2.4
kernel and iproute2.
Three network segments: one intranet 172..., one DMZ 192....., one
extranet 212.a.b....
The iproute2 setup is simple:
# Fast NAT for DMZ-Intranet
ip rule add from 192.168.2.20 nat 172.31.27.20 to 172.31.24.0/24 table dmz prio 100
ip route add nat 172.31.27.20 via 192.168.2.20 table local
# Fast NAT for DMZ-Internet (here: extranet :-))
ip rule add from 192.168.2.20 nat 212.a.7b.c table dmz prio 200
ip route add nat 212.a.b.c via 192.168.2.20 table local
# Set up the default route
ip route add default via 212.117.70.33
ip route flush cache
A ping from 172... to 172.31.27.20 is OK; in iptables we see:
ping src 172. ... 10 -> 192.168.2.20
pong src 192.168.2.20 -> 172. ... 10
Now we activated an Apache on our test DMZ system and tried to GET the site
from the intranet.
Surprise, it didn't work. On the one side, we saw all TCP packets in
the iptables log, but in the web server log nothing happened and we got the
message 'server not found' in our browser. With the non-NATed IP of
192.168.2.20, everything is fine. For testing, we didn't start iptables at
all and used ip_forward alone; again, we could not reach the server, while
there was definitely no rule against routing. And, as I said at the
start, ICMP works fine.
Any idea? Or wrong group, because it's an Apache problem?
Greetings,
Dr. Günter Sprakties
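The same two static 1:1 mappings from the post, written as netfilter DNAT/SNAT rules instead of iproute2 routing NAT. This is an added example for readers of the archive, not code from the original poster. It reuses the addresses from the post except for the placeholder 212.a.b.c, for which a constructed TEST-NET-2 address (192.0.2.10) stands in, and it assumes iptables with connection tracking (`-m conntrack`). The iproute2 `nat` routes in the post are stateless address rewrites (the feature was dropped from 2.6 kernels); the netfilter form is connection-tracked, so only one direction of each flow needs a rule, and it must not be mixed with the routing-NAT setup on the same box. DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 executes them and needs root.

```shell
#!/bin/sh
# Added example (not from the original post): the two 1:1 mappings expressed
# as netfilter DNAT/SNAT rules. 192.0.2.10 is a constructed stand-in for the
# placeholder 212.a.b.c used in the post.
set -eu

DMZ_HOST=192.168.2.20         # real address of the DMZ web server
INTRANET_ALIAS=172.31.27.20   # address the intranet uses to reach it
INTRANET_NET=172.31.24.0/24   # intranet segment
PUBLIC_ALIAS=192.0.2.10       # constructed stand-in for 212.a.b.c
IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}         # 1 = print the commands, 0 = execute (needs root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# static_nat ALIAS TARGET [SOURCE_NET]
# Packets addressed to ALIAS are rewritten to TARGET on the way in; packets
# from TARGET towards SOURCE_NET (default: anywhere) leave with ALIAS as
# source. Connection tracking rewrites the reverse direction of each flow,
# so no separate return rule is needed.
static_nat() {
    alias=$1
    target=$2
    src_net=${3:-0.0.0.0/0}
    # forwarded traffic arriving for the alias
    run "$IPT" -t nat -A PREROUTING -s "$src_net" -d "$alias" -j DNAT --to-destination "$target"
    # traffic generated on the NAT box itself for the alias
    run "$IPT" -t nat -A OUTPUT -d "$alias" -j DNAT --to-destination "$target"
    # connections the DMZ host opens towards that side
    run "$IPT" -t nat -A POSTROUTING -s "$target" -d "$src_net" -j SNAT --to-source "$alias"
}

# The nat table only rewrites addresses; the FORWARD chain must still let
# the translated packets through.
allow_forward() {
    run "$IPT" -A FORWARD -d "$1" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A FORWARD -s "$1" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

apply_all() {
    run sysctl -w net.ipv4.ip_forward=1
    # more specific (intranet) mapping first, catch-all public mapping last
    static_nat "$INTRANET_ALIAS" "$DMZ_HOST" "$INTRANET_NET"
    static_nat "$PUBLIC_ALIAS" "$DMZ_HOST"
    allow_forward "$DMZ_HOST"
}

apply_all
```

Run it once with DRY_RUN=1 to review the rule set, then with DRY_RUN=0 as root. A quick check afterwards is `iptables -t nat -L -n -v` to confirm the DNAT counters increase when a client connects to the alias, and `conntrack -L` (if installed) to see the translated flow.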