*shrug* same here

Are you trying to hit the natted address from inside the LAN that is
being natted to? Hairpin NAT doesn't work in iptables...

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Jan 29, 2008, at 10:06 PM, John Mason Jr wrote:

> I just connected and see the Apache 2 test page running on CentOS
>
> John
>
> Nathan McBride wrote:
>> First off I appreciate help from everyone, this is a nice change to
>> some mailing lists I'm used to. Unfortunately, I am still having the
>> same problem. I'm giving out real information, probably shouldn't,
>> but that's how frustrated I am. I just get an unable to connect
>> error. The firewalls are fine I promise. I can see the page on
>> 192.168.0.105 from inside the LAN, and I can see and use the webgui
>> of the router just fine. Although I did disable it of course since I
>> want the port forwarded. In the ssh example sent to me which is
>> below, I notice that the addresses are just numbers where mine have
>> "" around them. Does this matter? Can anyone please give any
>> suggestions?
>>
>> Thanks a lot,
>> Nate
>>
>> My domain is:
>> www.nombyte.com
>>
>> The IP is:
>> 71.62.193.105
>>
>> Full Nat is:
>>
>> nat {
>>     rule 1 {
>>         type: "destination"
>>         inbound-interface: "eth0"
>>         protocols: "tcp"
>>         source {
>>             network: "0.0.0.0/0"
>>         }
>>         destination {
>>             address: "71.62.193.105"
>>             port-name http
>>         }
>>         inside-address {
>>             address: 192.168.0.105
>>         }
>>     }
>>     rule 2 {
>>         type: "masquerade"
>>         outbound-interface: "eth0"
>>         protocols: "all"
>>         source {
>>             network: "192.168.0.0/24"
>>         }
>>         destination {
>>             network: "0.0.0.0/0"
>>         }
>>     }
>>     rule 3 {
>>         type: "masquerade"
>>         outbound-interface: "eth0"
>>         protocols: "all"
>>         source {
>>             network: "192.168.1.0/24"
>>         }
>>         destination {
>>             network: "0.0.0.0/0"
>>         }
>>     }
>>
>> On Tue, 2008-01-29 at 08:08 -0800, Justin Fletcher wrote:
>>> Here's what I use to port-forward ssh; just adjust for address
>>> (where destination address is the public IP) and change it to http.
>>>
>>>     rule 2 {
>>>         type: "destination"
>>>         inbound-interface: "eth0"
>>>         protocols: "tcp"
>>>         source {
>>>             network: 0.0.0.0/0
>>>         }
>>>         destination {
>>>             address: 1.2.3.4
>>>             port-name ssh
>>>         }
>>>         inside-address {
>>>             address: 10.0.0.30
>>>         }
>>>     }
>>>
>>> Best,
>>> Justin
>>>
>>> On Jan 29, 2008 7:46 AM, Nathan McBride <[EMAIL PROTECTED]> wrote:
>>>> Can someone please help me get this worked out?
>>>> Nate
>>>>
>>>>> Ok these are my nat rules now, I didn't see a command to change
>>>>> the rule numbers so I just redid them all by hand. It still
>>>>> doesn't work.
>>>>>
>>>>>     rule 1 {
>>>>>         type: "destination"
>>>>>         inbound-interface: "eth0"
>>>>>         protocols: "tcp"
>>>>>         destination {
>>>>>             address: "71.62.193.105"
>>>>>             port-name http
>>>>>         }
>>>>>         inside-address {
>>>>>             address: 192.168.0.105
>>>>>         }
>>>>>     }
>>>>>     rule 2 {
>>>>>         type: "masquerade"
>>>>>         outbound-interface: "eth0"
>>>>>         protocols: "all"
>>>>>         source {
>>>>>             network: "192.168.0.0/24"
>>>>>         }
>>>>>         destination {
>>>>>             network: "0.0.0.0/0"
>>>>>         }
>>>>>     }
>>>>>     rule 3 {
>>>>>         type: "masquerade"
>>>>>         outbound-interface: "eth0"
>>>>>         protocols: "all"
>>>>>         source {
>>>>>             network: "192.168.1.0/24"
>>>>>         }
>>>>>         destination {
>>>>>             network: "0.0.0.0/0"
>>>>>         }
>>>>>     }
>>>>>
>>>>> Nate
>>>>>
>>>>> On Mon, 2008-01-28 at 21:39 -0800, An-Cheng Huang wrote:
>>>>>> Hi Nate,
>>>>>>
>>>>>> The "inside-address" is the internal (private) IP address of
>>>>>> your Web server, which in your case is 192.168.0.105. The
>>>>>> "destination address" should actually be the public IP address
>>>>>> that outside clients will use to access your server, so usually
>>>>>> this is the public IP address of your router.
>>>>>>
>>>>>> An-Cheng
>>>>>>
>>>>>> Nathan McBride wrote:
>>>>>>> I went and looked at the old docs. I thought I set them up
>>>>>>> correctly but apparently I didn't. All I'm trying to do is to
>>>>>>> get people on the internet to view the website on my comp
>>>>>>> (192.168.0.105). The only difference that I noticed when I
>>>>>>> tried to commit the example in the old docs was that vc3
>>>>>>> requires an 'inside-address'. Could someone please help me
>>>>>>> correct this to get it working?
>>>>>>>
>>>>>>>     rule 3 {
>>>>>>>         type: "destination"
>>>>>>>         inbound-interface: "eth0"
>>>>>>>         protocols: "tcp"
>>>>>>>         destination {
>>>>>>>             address: "192.168.0.105"
>>>>>>>             port-name http
>>>>>>>         }
>>>>>>>         inside-address {
>>>>>>>             address: 192.168.0.105 <-- didn't know what to put here exactly...
>>>>>>>         }
>>>>>>>     }
>>>>>>>
>>>>> _______________________________________________
>>>>> Vyatta-users mailing list
>>>>> Vyatta-users@mailman.vyatta.com
>>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
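
An added sketch (not part of the thread and not Vyatta or iptables code) that models rule 1 of the quoted "Full Nat" config, to show why a test from the Internet and a test from inside the LAN can give different results. The LAN interface name eth1, the two client addresses and the outcome labels are assumptions; the third case goes beyond the posted config by binding the same rule to the LAN interface.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class DnatRule:
    inbound_interface: str
    protocol: str
    source: str
    dst_address: str
    dst_port: int
    inside_address: str

# Rule 1 of the "Full Nat" config quoted in the thread (port-name http = 80).
RULE_1 = DnatRule("eth0", "tcp", "0.0.0.0/0", "71.62.193.105", 80, "192.168.0.105")
LAN = ipaddress.ip_network("192.168.0.0/24")

def apply_dnat(pkt, rule):
    """Return the translated packet, or None when the rule does not match."""
    if (pkt.in_iface, pkt.proto) != (rule.inbound_interface, rule.protocol):
        return None
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.source):
        return None
    if (pkt.dst, pkt.dport) != (rule.dst_address, rule.dst_port):
        return None
    return replace(pkt, dst=rule.inside_address)

def trace(pkt, rule=RULE_1):
    """Classify a new connection: 'forwarded', 'no-dnat-match' or 'asymmetric-reply'."""
    natted = apply_dnat(pkt, rule)
    if natted is None:
        return "no-dnat-match"   # packet stays addressed to the router's own IP
    if ipaddress.ip_address(natted.src) in LAN:
        # Server and client share a subnet: the reply goes direct, never passes
        # the router, and arrives from inside_address instead of dst_address.
        return "asymmetric-reply"
    return "forwarded"           # reply returns through the router and is un-NATed

# Constructed sample packets; eth1 and both client IPs are assumptions.
FROM_INTERNET = Packet("eth0", "203.0.113.7", "71.62.193.105", 80)
FROM_LAN = Packet("eth1", "192.168.0.50", "71.62.193.105", 80)

if __name__ == "__main__":
    print(trace(FROM_INTERNET))
    print(trace(FROM_LAN))
    print(trace(FROM_LAN, replace(RULE_1, inbound_interface="eth1")))
```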