*shrug* same here
Are you trying to hit the natted address from inside the LAN that is
being natted to? Hairpin NAT doesnt work in iptables...
------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com
On Jan 29, 2008, at 10:06 PM, John Mason Jr wrote:
> I just connected and see the Apache 2 test page running on CentOS
>
> John
>
>
>
> Nathan McBride wrote:
>> First off I appreciate help from everyone, this is a nice change to
>> some
>> mailing lists I'm used to. Unfortunately, I am still having the same
>> problem. I'm giving out real information, probably shouldn't, but
>> that's how frustrated I am. I just get an unable to connect
>> error. The
>> firewalls are fine I promise. I can see the page on 192.168.0.105
>> from
>> inside the lan, and I can see and use the webgui of the router just
>> fine. Altho I did disable it of course since I want the port
>> forwarded.
>> In the ssh example sent to me which is below, I notice that the
>> address
>> are just numbers where mine have "" around them. Does this
>> matter? Can
>> anyone please give any suggestions?
>>
>> Thanks alot,
>> Nate
>>
>> My domain is:
>> www.nombyte.com
>>
>> The IP is:
>> 71.62.193.105
>>
>> Full Nat is:
>>
>> nat {
>> rule 1 {
>> type: "destination"
>> inbound-interface: "eth0"
>> protocols: "tcp"
>> source {
>> network: "0.0.0.0/0"
>> }
>> destination {
>> address: "71.62.193.105"
>> port-name http
>> }
>> inside-address {
>> address: 192.168.0.105
>> }
>> }
>> rule 2 {
>> type: "masquerade"
>> outbound-interface: "eth0"
>> protocols: "all"
>> source {
>> network: "192.168.0.0/24"
>> }
>> destination {
>> network: "0.0.0.0/0"
>> }
>> }
>> rule 3 {
>> type: "masquerade"
>> outbound-interface: "eth0"
>> protocols: "all"
>> source {
>> network: "192.168.1.0/24"
>> }
>> destination {
>> network: "0.0.0.0/0"
>> }
>> }
>>
>>
>>
>>
>> On Tue, 2008-01-29 at 08:08 -0800, Justin Fletcher wrote:
>>> Here's what I use to port-forward ssh; just adjust for address
>>> (where
>>> destination address is the public IP) and change it to http.
>>>
>>> rule 2 {
>>> type: "destination"
>>> inbound-interface: "eth0"
>>> protocols: "tcp"
>>> source {
>>> network: 0.0.0.0/0
>>> }
>>> destination {
>>> address: 1.2.3.4
>>> port-name ssh
>>> }
>>> inside-address {
>>> address: 10.0.0.30
>>> }
>>> }
>>>
>>> Best,
>>> Justin
>>>
>>> On Jan 29, 2008 7:46 AM, Nathan McBride <[EMAIL PROTECTED]> wrote:
>>>> Can someone please help me get this worked out?
>>>> Nate
>>>>
>>>>
>>>>> Ok these are my nat rules now, I didn't see a command to change
>> the rule
>>>>> numbers so i just redid them all by hand. It still doesn't work.
>>>>>
>>>>> rule 1 {
>>>>> type: "destination"
>>>>> inbound-interface: "eth0"
>>>>> protocols: "tcp"
>>>>> destination {
>>>>> address: "71.62.193.105"
>>>>> port-name http
>>>>> }
>>>>> inside-address {
>>>>> address: 192.168.0.105
>>>>> }
>>>>> }
>>>>> rule 2 {
>>>>> type: "masquerade"
>>>>> outbound-interface: "eth0"
>>>>> protocols: "all"
>>>>> source {
>>>>> network: "192.168.0.0/24"
>>>>> }
>>>>> destination {
>>>>> network: "0.0.0.0/0"
>>>>> }
>>>>> }
>>>>> rule 3 {
>>>>> type: "masquerade"
>>>>> outbound-interface: "eth0"
>>>>> protocols: "all"
>>>>> source {
>>>>> network: "192.168.1.0/24"
>>>>> }
>>>>> destination {
>>>>> network: "0.0.0.0/0"
>>>>> }
>>>>> }
>>>>>
>>>>> Nate
>>>>>
>>>>> On Mon, 2008-01-28 at 21:39 -0800, An-Cheng Huang wrote:
>>>>>> Hi Nate,
>>>>>>
>>>>>> The "inside-address" is the internal (private) IP address of
>> your Web server, which in your case is 192.168.0.105. The
>> "destination
>> address" should actually be the public IP address that outside
>> clients
>> will use to access your server, so usually this is the public IP
>> address
>> of your router.
>>>>>> An-Cheng
>>>>>>
>>>>>> Nathan McBride wrote:
>>>>>>> I went and looked at the old docs. I thought I set them up
>> correctly
>>>>>>> but aparently I didn't. I'll im trying to do is to get people
>> on the
>>>>>>> internet to view the website on my comp (192.168.0.105). The
>> only
>>>>>>> difference that i noticed when I tried to commit the example
>> in the old
>>>>>>> docs was that vc3 requires an 'inside-address'. Could someone
>> please
>>>>>>> help me correct this to get it working?
>>>>>>>
>>>>>>> rule 3 {
>>>>>>> type: "destination"
>>>>>>> inbound-interface: "eth0"
>>>>>>> protocols: "tcp"
>>>>>>> destination {
>>>>>>> address: "192.168.0.105"
>>>>>>> port-name http
>>>>>>> }
>>>>>>> inside-address {
>>>>>>> address: 192.168.0.105 <-- didn't know what to put
>> here
>>>>>>> exactly...
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>> _______________________________________________
>>>>> Vyatta-users mailing list
>>>>> Vyatta-users@mailman.vyatta.com
>>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>>> _______________________________________________
>>>> Vyatta-users mailing list
>>>> Vyatta-users@mailman.vyatta.com
>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>>>
>>
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>
>>
>
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
