Re: Netfilter Port Forwarding Problem
You don't know why it works? Or you don't know why it does not work? I think it doesn't work...

If you have an Internet-connected web server and there is a requirement to establish a connection over the local network to the Internet, the web server tries to respond over its Internet connection, because the server knows a different way to the Internet than your firewall. That's why.

Tomfi

Makara wrote:
> Hi all,
>
> I have 2 internet connections, ip $ipinet1 for other traffic and $ipinet2 for mail; it works properly.
>
> I want to allow the connection from the internet to connect to my local web server (172.16.0.4) via $ipinet1, so I do port forwarding:
>
>   iptables -A PREROUTING -t nat -i $ifinet1 -d $ipinet1 -p tcp --dport 80 -j DNAT --to 172.16.0.4:80
>
> I allow a FORWARD rule from the firewall to my local web server:
>
>   iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>   iptables -A FORWARD -p tcp --dport 80 -i $ifinet1 -o $iflocalnet -j ACCEPT
>
> I don't know why it does work? If you have any idea please help.
>
> Thanks
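Added example, not posted by anyone in this thread: a dry-run script that prints the thread's DNAT and FORWARD rules with the FORWARD match pinned to the web server, plus one way (SNAT on the LAN side) to deal with the return-path problem described in the reply above. The interface names, 203.0.113.10 and the firewall LAN address 172.16.0.1 are assumed placeholders, as are the `run` and `forward_web` helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses used in
# the call at the bottom are constructed placeholders (assumptions).
# Dry run by default: commands are printed. Run as root with APPLY=1 to apply.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# forward_web IF_INET IP_INET IF_LAN FW_LAN_IP WEB_IP [snat|gateway]
forward_web() {
    if_inet=$1; ip_inet=$2; if_lan=$3; fw_lan_ip=$4; web_ip=$5; mode=${6:-gateway}

    # The firewall must route at all, or FORWARD is never reached.
    run sysctl -w net.ipv4.ip_forward=1

    # Rewrite the destination before routing (same rule as in the thread).
    run iptables -t nat -A PREROUTING -i "$if_inet" -d "$ip_inet" \
        -p tcp --dport 80 -j DNAT --to-destination "$web_ip:80"

    # FORWARD sees the packet after DNAT, so match the internal address.
    # Pinning -d keeps the rule from admitting port 80 to other LAN hosts.
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$if_inet" -o "$if_lan" -d "$web_ip" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT

    case $mode in
    snat)
        # Web server has its own route to the Internet: source-NAT the
        # forwarded connection so replies return to the firewall.
        # Cost: the server's access log shows $fw_lan_ip, not the client.
        run iptables -t nat -A POSTROUTING -o "$if_lan" -d "$web_ip" \
            -p tcp --dport 80 -j SNAT --to-source "$fw_lan_ip"
        ;;
    gateway)
        # No extra rule: the web server's default gateway must be the
        # firewall's LAN address so replies pass back through conntrack.
        echo "# on $web_ip: default route must point to $fw_lan_ip"
        ;;
    *)
        echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

forward_web eth0 203.0.113.10 eth1 172.16.0.1 172.16.0.4 snat
```

To confirm which case applies, watch the LAN interface with tcpdump while connecting from outside: forwarded SYNs with no SYN-ACK coming back through the firewall point to the return-path problem.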
Re: Netfilter Port Forwarding Problem
On Fri, Apr 27, 2007 at 08:02:43PM -0700, Makara wrote:
> I want to allow the connection from internet connect to my local web server(172.16.0.4) via $ipinet1 so I do port forwarding

or use redir(1) on the fw machine, e.g.

  % redir --caddr 172.16.0.4 --cport 80 --lport 80 --transproxy

if you start it from *inetd, you will then be able to [en|dis]able the service simply by issuing:

  % update-inetd --[en|dis]able www

a bit OT but HTH anyway.

--
paolo