How to loop back internal traffic?
jcanas2000 at hotmail.com
Sat Feb 10 21:48:13 CET 2007
>From: Cedric Blancher <blancher at cartel-securite.fr>
>To: Jorge Canas <jcanas2000 at hotmail.com>
>On Saturday 10 February 2007 at 03:45 -0500, Jorge Canas wrote:
> > How do I configure the firewall rules on the gw so that the port
> > also occurs when my other local network machines try to go to the
> > via the public domain name?
>You have to extend your SNAT rule so those machines get NATed when
>trying to reach this webserver using its public IP, otherwise, you'll
>get a triangle situation where your webserver sends its SYN/ACK directly
>through the LAN with its private IP.
> iptables -t nat -A POSTROUTING -s $LAN -d $WebServPrivIP \
> -j SNAT --to-source $GWPrivIP
>BTW, it's a FAQ, but I agree it might be difficult to find relevant
>answers in the wild.
Thanks for the reply Cedric. I tried the rule but it did not work. I got a
connection refused message. This is the rule I added:
iptables -A POSTROUTING -s 192.168.123.0/24 -d 192.168.123.164 -j SNAT \
  --to-source 192.168.123.161 -t nat
My internal webserver is running at 192.168.123.164
The internal interface of the GW is 192.168.123.161
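
The "triangle" described in the quoted reply can be traced with a small packet-flow model. This is an added example, not code from the thread: the public address 203.0.113.10 and the client 192.168.123.50 are constructed placeholders, and the gateway's existing port forward is assumed to be a DNAT to the web server.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst flags")

LAN = ip_network("192.168.123.0/24")   # LAN from the thread
WEB = "192.168.123.164"                # internal web server (from the thread)
GW = "192.168.123.161"                 # gateway internal interface (from the thread)
PUBLIC = "203.0.113.10"                # constructed placeholder for the public IP
CLIENT = "192.168.123.50"              # constructed LAN client


def gateway_forward(pkt, snat):
    """Apply the assumed DNAT and, if enabled, the SNAT rule from the reply.
    Returns the translated packet plus the original for reverse translation."""
    orig = pkt
    if pkt.dst == PUBLIC:
        pkt = pkt._replace(dst=WEB)                   # PREROUTING: DNAT
    if snat and ip_address(pkt.src) in LAN and pkt.dst == WEB:
        pkt = pkt._replace(src=GW)                    # POSTROUTING: SNAT
    return pkt, orig


def gateway_reply(reply, orig):
    """Conntrack undoes both translations for a reply crossing the gateway."""
    return Packet(src=orig.dst, dst=orig.src, flags=reply.flags)


def simulate(snat):
    """Return (path, accepted) for the SYN/ACK answering a LAN client's SYN."""
    syn = Packet(CLIENT, PUBLIC, "SYN")
    at_server, orig = gateway_forward(syn, snat)
    # The server answers whatever source address it saw on the SYN.
    synack = Packet(WEB, at_server.src, "SYN/ACK")
    if synack.dst == GW:
        synack = gateway_reply(synack, orig)
        path = "server -> gateway -> client"
    else:
        path = "server -> client (direct on LAN)"
    # The client only has a half-open connection to PUBLIC, so a SYN/ACK
    # arriving from the server's private address matches no socket.
    accepted = synack.src == syn.dst and synack.dst == syn.src
    return path, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT rule present:", snat, "->", simulate(snat))
```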