> Thank You very much !!!
>
> I found a lot of Tutorials on the net but few had examples and sometimes a
> drawing is better than 50 pages of text...
>
>
>
> ----- Original Message -----
> From: "Erdal MUTLU" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, February 26, 2002 3:54 PM
> Subject: Re: Is my problem so hard ???
>
>
> > On Tuesday 26 February 2002 03:18 pm, Sébastien FOUTREL aka Tino wrote:
> > > netstat -nr
> > > xxx.xxx.xxx.112 0.0.0.0         255.255.255.252 U  40 0 0 eth1 (External)
> > > xxx.xxx.xxx.112 0.0.0.0         255.255.255.240 U  40 0 0 eth2 (DMZ)
> > > 10.0.0.0        0.0.0.0         255.0.0.0       U  40 0 0 eth0 (LAN)
> > > 127.0.0.0       0.0.0.0         255.0.0.0       U  40 0 0 lo
> > > 0.0.0.0         xxx.xxx.xxx.113 0.0.0.0         UG 40 0 0 eth1
> > >
> > > I want to have a LAN machine visible on Internet with a public IP
> > > but all I can do is a NATed machine that is visible on internet with a
> > > public IP BUT which has access to internet via the gateway of the LAN
> > > instead of using its Public IP...
> > >
> > > In fact I think I need a 2 way NAT.
> >
> >            |
> >            | eth1 External (Internet) ext_ip,ext_ip1,ext_ip2 ... (aliases)
> >         -------                                   -------
> >         | LFW | ----------- eth2 DMZ dmz_ip ----| DMZ |
> >         -------                                   -------
> >            |
> >            | eth0 LAN
> >         -------
> >         | LAN |
> >         -------
> >            |
> >          ------
> >          | PC |  pc_ip=10.0.0.XXX
> >          ------
> >
> > Suppose that ext_ip1 is your public IP which you want to use to access
> > your PC on LAN.
> >
> > To have an internal PC accessible from Internet you need DNAT and SNAT
> >
> > iptables -t nat -A PREROUTING --destination $ext_ip1 --in-interface eth1 \
> >     --jump DNAT --to-destination $pc_ip
> > iptables -t nat -A POSTROUTING -s $pc_ip --out-interface eth1 \
> >     --jump SNAT --to-source $ext_ip1
> >
> > Note ext_ip1 should be one of the IPs of the eth1 interface card.
> >
> > And of course in FORWARD chain allow access
> >
> > ### incoming connection to your PC
> > ### (FORWARD is traversed after the PREROUTING DNAT, so the
> > ### destination to match is the translated address $pc_ip)
> > iptables --table filter --append FORWARD --in-interface eth1 \
> >     --out-interface eth0 --destination $pc_ip --jump ACCEPT
> >
> > ### outgoing connections from your PC to Internet
> > iptables --table filter --append FORWARD --in-interface eth0 \
> >     --out-interface eth1 --source $pc_ip --jump ACCEPT
> >
> > This allows everything to your PC!
> >
> > Best regards.
> > Erdal MUTLU
> >
>
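
A narrower variant of the DNAT/SNAT rules quoted above, as an added example that is not part of the original thread: it prints (does not apply) the rules, admitting new inbound connections only on listed TCP ports and matching the post-DNAT address in FORWARD. The function names `valid_ipv4` and `emit_one_to_one_nat` and the sample addresses are assumptions; the `conntrack` and `multiport` matches require a kernel and iptables build that provide them.

```shell
#!/bin/sh
# Added example: print (do not apply) 1:1 NAT rules limited to chosen TCP ports.
# Function names and the sample addresses are assumptions, not from the thread.

valid_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

emit_one_to_one_nat() {
    ext_if=$1; lan_if=$2; ext_ip=$3; pc_ip=$4; ports=$5

    # Reject anything that could smuggle extra words into the emitted commands.
    for name in "$ext_if" "$lan_if"; do
        case $name in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    done
    valid_ipv4 "$ext_ip" && valid_ipv4 "$pc_ip" || { echo "bad address" >&2; return 1; }
    case $ports in ''|*[!0-9,]*) echo "bad port list" >&2; return 1 ;; esac

    # Inbound: rewrite the public alias to the LAN host before routing.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -j DNAT --to-destination $pc_ip"
    # Outbound: the LAN host leaves with its own public alias, not the gateway's.
    echo "iptables -t nat -A POSTROUTING -o $ext_if -s $pc_ip -j SNAT --to-source $ext_ip"
    # Packets of flows that were already accepted, in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New inbound flows: FORWARD sees the post-DNAT address, so match pc_ip.
    echo "iptables -A FORWARD -i $ext_if -o $lan_if -d $pc_ip -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    # New outbound flows from the LAN host.
    echo "iptables -A FORWARD -i $lan_if -o $ext_if -s $pc_ip -m conntrack --ctstate NEW -j ACCEPT"
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
emit_one_to_one_nat eth1 eth0 203.0.113.10 10.0.0.5 22,443
```

The port restriction only has an effect when the FORWARD chain's policy (or a final rule) drops whatever these rules do not accept.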