How to loop back internal traffic?

Jorge Canas jcanas2000 at hotmail.com
Sat Feb 10 21:48:13 CET 2007


>From: Cedric Blancher <blancher at cartel-securite.fr>
>To: Jorge Canas <jcanas2000 at hotmail.com>
>
>On Saturday 10 February 2007 at 03:45 -0500, Jorge Canas wrote:
> > How do I configure the firewall rules on the gw so that the port forwarding
> > also occurs when my other local network machines try to go to the website
> > via the public domain name?
>
>You have to extend your SNAT rule so those machines get NATed when
>trying to reach this webserver using its public IP, otherwise, you'll
>get a triangle situation where your webserver sends its SYN/ACK directly
>through the LAN with its private IP.
>
>Something like:
>
>	iptables -t nat -A POSTROUTING -s $LAN -d $WebServPrivIP \
>		-j SNAT --to-source $GWPrivIP
>
>
>BTW, it's a FAQ, but I agree it might be difficult to find relevant
>answers in the wild.

Thanks for the reply Cedric.  I tried the rule but it did not work.  I got a 
connection refused message. This is the rule I added:

iptables -A POSTROUTING -s 192.168.123.0/24 -d 192.168.123.164 -j SNAT \
	--to-source 192.168.123.161 -t nat

My internal webserver is running at 192.168.123.164
The internal interface of the GW is 192.168.123.161
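
The triangle situation described in the quoted reply, traced as an added Python example (not part of the original thread and not netfilter code): it models the SYN and SYN/ACK paths with and without the LAN SNAT rule. The client address, the public IP and the assumption that the gateway's DNAT rule also matches LAN-sourced traffic are illustrative; the other addresses come from the message above.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.123.0/24")   # from the post
GW_LAN = "192.168.123.161"   # gateway internal interface (from the post)
WEB = "192.168.123.164"      # internal web server (from the post)
CLIENT = "192.168.123.50"    # assumed LAN client
PUBLIC = "203.0.113.10"      # assumed public IP (documentation range)


def gateway_forward(src, dst, snat):
    """Apply NAT to a new connection; return the rewritten packet and the conntrack entry."""
    orig = (src, dst)
    if dst == PUBLIC:                       # PREROUTING: DNAT (assumed to match LAN traffic too)
        dst = WEB
    if snat and ipaddress.ip_address(src) in LAN and dst == WEB:
        src = GW_LAN                        # POSTROUTING: the SNAT rule from the thread
    # Replies arrive as (dst, src); conntrack rewrites them to the reverse of the original.
    conntrack = {(dst, src): (orig[1], orig[0])}
    return (src, dst), conntrack


def connect(snat):
    """Trace a SYN from CLIENT to PUBLIC and the SYN/ACK back; return (accepted, trace)."""
    trace = [("client -> gateway", (CLIENT, PUBLIC))]
    seen, conntrack = gateway_forward(CLIENT, PUBLIC, snat)
    trace.append(("gateway -> server", seen))
    reply = (WEB, seen[0])                  # server answers whatever source it saw
    if reply[1] == GW_LAN:
        reply = conntrack[reply]            # back through the gateway: NAT is undone
        trace.append(("server -> gateway -> client", reply))
    else:
        trace.append(("server -> client, on-link", reply))  # gateway never sees it
    # The client's socket only accepts a reply coming from the address it connected to.
    return reply == (PUBLIC, CLIENT), trace


if __name__ == "__main__":
    for snat in (False, True):
        ok, trace = connect(snat)
        print("SNAT" if snat else "no SNAT", "->", "established" if ok else "reply rejected by client")
        for hop, pkt in trace:
            print("   ", hop, pkt)
```

Without the SNAT rule the server's reply carries its private source address and reaches the client directly, so it never matches the connection the client opened to the public IP.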




