Package: arno-iptables-firewall
Version: 1.8.8.c-1
When the package is used as a gateway for an internal network and some
servers should be visible from outside, there is a problem with
accessing these servers from inside (when the external IP is used). Let's
suppose port 80 is forwarded to internal server 192.168.0.2, the internal
gateway is 192.168.0.1, and the external IP of the gateway is 1.2.3.4.
DC_OPEN_TCP has 80, and NAT_TCP_FORWARD is used to forward port 80 to
192.168.0.2. (BTW, it would be good if the relationship between these
variables were written down.) Hosts in the internal network can't access
this server via external IP 1.2.3.4. The situation is described in
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html .
What I use to solve this problem is the following plugin:
iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 80 -j DNAT --to 192.168.0.2
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.2 -p tcp --dport 80 -j SNAT --to 1.2.3.4
I think such hand-written iptables should not be needed.
Regards,
Ognyan Kulev
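
The two rules in the report above, generalized to several forwarded ports. This is an added example, not part of the original message or of arno-iptables-firewall; the function name hairpin_rules and its PORT:DEST_IP argument format are assumptions made for illustration. It only prints the rules, so it can be reviewed without root.

```shell
#!/bin/sh
# Print (do not apply) the DNAT + SNAT rule pair needed so that LAN hosts
# can reach a forwarded server through the gateway's external address.
# Usage: hairpin_rules EXT_IP LAN_CIDR PORT:DEST_IP [PORT:DEST_IP ...]
# NOTE: PORT:DEST_IP is this example's own format (hypothetical), not the
# syntax of NAT_TCP_FORWARD.
hairpin_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: hairpin_rules EXT_IP LAN_CIDR PORT:DEST_IP..." >&2
        return 2
    fi
    ext_ip=$1
    lan=$2
    shift 2

    # Pass 1: validate every entry before printing anything, so a bad
    # entry never leaves a half-generated rule set behind.
    for fwd in "$@"; do
        case $fwd in
            *:*) ;;
            *) echo "missing ':' in forward: $fwd" >&2; return 1 ;;
        esac
        port=${fwd%%:*}
        dest=${fwd#*:}
        case $port in
            ''|*[!0-9]*) echo "bad port in: $fwd" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in: $fwd" >&2; return 1
        fi
        case $dest in
            ''|*[!0-9.]*) echo "bad destination in: $fwd" >&2; return 1 ;;
        esac
    done

    # Pass 2: emit one rule pair per forward.
    for fwd in "$@"; do
        port=${fwd%%:*}
        dest=${fwd#*:}
        # Rewrite the destination of traffic addressed to the external IP.
        echo "iptables -t nat -A PREROUTING -d $ext_ip -p tcp --dport $port -j DNAT --to $dest"
        # Rewrite the source of LAN-originated traffic only, so the server
        # replies via the gateway instead of directly to the LAN client.
        echo "iptables -t nat -A POSTROUTING -s $lan -d $dest -p tcp --dport $port -j SNAT --to $ext_ip"
    done
}

# Addresses taken from the report above.
hairpin_rules 1.2.3.4 192.168.0.0/24 80:192.168.0.2
```

Because the SNAT rule matches only -s 192.168.0.0/24, connections arriving from outside keep their real source address in the server's logs; only LAN clients appear as 1.2.3.4.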