- 02-14-2008 #1
Access a local server from the firewall's public IP
Hello all,
I'm configuring a DNS firewall and I got stuck in the following situation: one of my teammates must access a local server (192.168.1.2:10100) but he must do it using the firewall's public IP (say, 200.221.1.21). I ran ping over those IPs and all seems to be working fine.
I tried the following code in nat's PREROUTING chain:
Code:
$IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE -o $INET_IFACE -d $INET_IP --dport 10100 -j DNAT --to-destination 192.168.1.2
In the POSTROUTING:
Code:
$IPTABLES -t nat -A POSTROUTING -p TCP -o $LAN_IFACE --dport 10100 -j SNAT --to-source LAN_IP
where:
$IPTABLES = /usr/sbin/iptables
LAN_IFACE = eth1
INET_IFACE = eth0
INET_IP = Firewall's public IP
LAN_IP = 192.168.1.1 (Firewall's private IP)
Also, I tried adding the port to the server's host, like 192.168.1.2:10100, or --sport 10100 (in the POSTROUTING), but that didn't work either.
I'm not a Linux hacker but a hard worker, and I'm really trying my best to find a solution to this (searching Google for about 6~7 hours now).
Anyway, thanks in advance
- 02-14-2008 #2
In your POSTROUTING you have posted:
...--to-source LAN_IP
In your actual rule have you got $LAN_IP?
- 02-14-2008 #3
Hi Kieren,
Thanks for the reply.
Actually that was my fault. In the script I'm using the IP in the form xxx.xxx.xxx.xxx.
Cya
- 02-15-2008 #4
Hello all,
Has anyone got any ideas how to solve such a problem? I still couldn't work out what to do.
Should I write those rules in INPUT and OUTPUT chains (as I'm dealing with firewall's IP)?
Thanks in advance
- 02-19-2008 #5
Sorry, from your reply I thought you had fixed it.
Your rules look okay to me. In your PREROUTING chain you have "-i $LAN_IFACE". This means you're expecting the request to come in on the NAT's eth1 device. Are you sure you're not meant to have the input device as eth0?
- 02-19-2008 #6
Hi Kieren,
Indeed, I've solved the problem: the thing is, I wasn't updating the previously applied rules, so things would get pretty messy after some time.
Thanks for replying and have a nice day all
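The setup the thread describes (a LAN host reaching 192.168.1.2:10100 through the firewall's own public IP, i.e. hairpin NAT) as an added example; this is not the poster's script. It assumes the thread's interface names, the placeholder public IP 200.221.1.21, a 192.168.1.0/24 LAN, and that flushing the nat PREROUTING/POSTROUTING chains is acceptable, which is what avoids the stale-rule problem the poster ran into; the SERVER_IP/SERVER_PORT names and the DRY_RUN preview are mine.

```shell
#!/bin/sh
# Hairpin NAT: LAN clients connect to the public IP, the firewall rewrites
# the destination to the internal server and the source to its own LAN IP.
IPTABLES=${IPTABLES:-/usr/sbin/iptables}
LAN_IFACE=eth1
INET_IFACE=eth0
INET_IP=200.221.1.21        # placeholder public IP from the thread
LAN_IP=192.168.1.1          # firewall's private IP
LAN_NET=192.168.1.0/24      # assumed LAN subnet
SERVER_IP=192.168.1.2       # hypothetical names, values from the thread
SERVER_PORT=10100

# With DRY_RUN=1 the commands are printed instead of applied, so the rule set
# can be reviewed (and tested) without root or a live firewall.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

hairpin_rules() {
    # Start from a clean nat table: rules left over from earlier attempts are
    # matched first and silently override the corrected ones.
    run -t nat -F PREROUTING
    run -t nat -F POSTROUTING

    # Redirect LAN clients that connect to the public IP. Only -i is valid in
    # PREROUTING; the routing decision (and so -o) has not happened yet.
    run -t nat -A PREROUTING -i "$LAN_IFACE" -p tcp -d "$INET_IP" \
        --dport "$SERVER_PORT" -j DNAT --to-destination "$SERVER_IP:$SERVER_PORT"

    # Rewrite the source so the server replies via the firewall; otherwise the
    # client gets a reply straight from 192.168.1.2 and discards it.
    run -t nat -A POSTROUTING -o "$LAN_IFACE" -p tcp -s "$LAN_NET" \
        -d "$SERVER_IP" --dport "$SERVER_PORT" -j SNAT --to-source "$LAN_IP"

    # The hairpinned flow enters and leaves on eth1; let FORWARD pass it.
    run -A FORWARD -i "$LAN_IFACE" -o "$LAN_IFACE" -p tcp -d "$SERVER_IP" \
        --dport "$SERVER_PORT" -j ACCEPT
}

# Returns the generated rule text without touching the kernel.
preview_rules() { ( DRY_RUN=1; hairpin_rules ); }
```

Run `preview_rules` first to check the generated commands; `hairpin_rules` applies them and needs root.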