Can't get access to local servers using external IP
pascal.mail at plouf.fr.eu.org
Sun Oct 15 14:54:24 CEST 2006
Martijn Lievaart a écrit :
> There are several ways you can make this work.
> 1) When packets from $local_lan arrive destined for the webserver, not
> only DNAT them, but SNAT them as well to an ip of the firewall. The
> disadvantage is that the webserverlogs will not acurately report the
> source address for these connections. This is probably what the linksys
Hint : using NETMAP to do the source NAT, you can do a 1:1 mapping so
you can retrieve the original source address.
> 6) Probably lots of other solutions I didn't think about.
If you access the server by name instead of by IP address :
7) Put the private address and the name in the /etc/hosts file of your
workstations. Quick and dirty, does not scale.
8) Set up a "split DNS" server so the internal requests receive the
private address and the external request receive the public address.
More information about the netfilter