Rerouting remote users to VPN channel
Ivan Gustin
ivan.gustin at pu.t-com.hr
Tue Apr 25 10:21:07 CEST 2006
Matt Barclay:
> Yes, you need SNAT and DNAT rules. Something like this ought to work
Thank you, Matt, for answering.
> iptables -t mangle -A PREROUTING -d <yourPublicIP> -p tcp --dport 80 -j MARK --set-mark 80
> iptables -t nat -A PREROUTING -m mark --mark 80 -j DNAT --to 192.168.30.9
> iptables -A FORWARD -m mark --mark 80 -j ACCEPT
> iptables -t nat -A POSTROUTING -m mark --mark 80 -j SNAT --to <firewallPrivateIP>
Yes, I set up something like this a few hours ago, and it worked. But,
unfortunately, the Intranet Web application uses absolute private IP
addresses, so that can't work. The application starts, but when the user
clicks on some option, the connection hangs trying to open
http://192.168.30.9/....
:-( I can't change the third-party Web app.
I don't see any other solution but setting up a VPN so users have private
routable IP addresses.
Thanks anyway.
GI
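
Added example, not part of the original thread: a Python check for the failure described above, where the port forward works but the pages contain absolute links to a private address that remote clients cannot route to. The function name and the sample page are constructed for illustration; only 192.168.30.9 comes from the thread.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser open a new URL.
URL_ATTRS = {"href", "src", "action"}

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)

def private_absolute_links(html):
    """Return absolute URLs in `html` whose host is a non-public IP literal."""
    collector = _LinkCollector()
    collector.feed(html)
    hits = []
    for url in collector.urls:
        host = urlsplit(url).hostname
        if not host:
            continue  # relative link: follows the address the client already used
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, not an IP literal
        if addr.is_private:
            hits.append(url)  # bypasses the DNAT rule on the public IP
    return hits

# Constructed sample page, as the intranet server might return it.
SAMPLE_PAGE = """
<html><body>
<a href="/reports/index.html">Reports</a>
<a href="http://192.168.30.9/orders/list">Orders</a>
<form action="http://192.168.30.9/login" method="post"></form>
<img src="images/logo.png">
<a href="http://intranet.example/help">Help</a>
</body></html>
"""

if __name__ == "__main__":
    for url in private_absolute_links(SAMPLE_PAGE):
        print("not reachable through the port forward:", url)
```

Relative links keep working through the forward because the browser resolves them against the public address; only the absolute private-IP links fail for remote users.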