I have a MPLS VPN setup connecting 3 locations, with one of the locations being the GW to the Internet (for all three locations). The GW has one public static IP with iptables FireWall (FW).
SNAT handles outgoing connections to the Internet for all three locations (different private IP nets). There are services within the VPN LAN at two locations that need to be made accessible to a set of "select" IPs connecting from the Internet, e.g. ERP, DVR surveillance, IP camera. I have set up DNAT rules for each "opened" service as shown below.

NB: EXTIF and EXTIP are defined at the beginning of the iptables shell script and the default FORWARD rule is DROP.

    # DNAT to give access to DVR machine @ 172.16.0.131:80
    iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s <ext_IP_1> -d $EXTIP --dport 8282 -j DNAT --to-destination 172.16.0.131:80
    iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s <ext_IP_2> -d $EXTIP --dport 8282 -j DNAT --to-destination 172.16.0.131:80
    iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s <ext_IP_3> -d $EXTIP --dport 8282 -j DNAT --to-destination 172.16.0.131:80
    iptables -A FORWARD -p tcp -i $EXTIF -o $INTIF2 -d 172.16.0.131 --dport 80 -j ACCEPT

The above strategy is working for services that are on Linux (Apache) without pop-up windows but not on services with a pop-up. The error conditions are different for each service. For the specific example of the DVR box, when I type http://<EXTIP>:8282/ in my browser (the IP number is one of the ext_IP_? in the above rule) I get:

    <error code>
    400 Bad Request
    Your client has issued a malformed or illegal request.
    </error code>

instead of the pop-up box that one gets when connecting to the same unit from workstations on the VPN LAN.

Any hints/suggestions to debug and determine the location of the problem welcome.

TIA

--
Arun Khan

_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
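One way to narrow down where the 400 comes from, as an added example that is not part of the original post: after DNAT the DVR's embedded web server sees "Host: <EXTIP>:8282" rather than the "Host: 172.16.0.131" it gets from LAN workstations, and some embedded servers reject an unexpected Host header. The probe below sends the same GET with different Host headers and compares the status codes; the public IP 203.0.113.10 is a constructed placeholder for $EXTIP, and the probe must be run from one of the permitted <ext_IP_n> machines since the DNAT rule only matches those sources.

```python
# Added example (not from the original post): send identical HTTP requests
# that differ only in the Host header, to tell a NAT-path problem apart from
# the DVR's web server rejecting the Host value it sees after DNAT.
import socket


def build_get(host_header: str, path: str = "/") -> bytes:
    """Build a minimal HTTP/1.1 GET; only the Host header varies between probes."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host_header}\r\n"
        "User-Agent: dnat-probe/0.1\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_status(response: bytes) -> int:
    """Return the numeric status code from the first line of an HTTP response."""
    status_line = response.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1])


def probe(ip: str, port: int, host_header: str, timeout: float = 5.0) -> int:
    """Connect to ip:port, send the GET with the given Host header, return the status."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(build_get(host_header))
        received = b""
        while len(received) < 8192:  # the status line is all we need
            data = s.recv(4096)
            if not data:
                break
            received += data
    return parse_status(received)


if __name__ == "__main__":
    ext_ip, ext_port = "203.0.113.10", 8282  # constructed placeholder for $EXTIP
    # A 400 only for the first Host value points at the DVR's Host check,
    # not at the PREROUTING/FORWARD rules; a timeout points at the NAT path.
    for host in (f"{ext_ip}:{ext_port}", ext_ip, "172.16.0.131"):
        try:
            print(f"Host: {host:<20} -> {probe(ext_ip, ext_port, host)}")
        except OSError as e:
            print(f"Host: {host:<20} -> connection error: {e}")
```

If the request with "Host: 172.16.0.131" succeeds while the others get 400, the NAT rules are doing their job and the fix belongs on the HTTP side (the device's Host handling or a reverse proxy that rewrites the header).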
