On Wed March 17 2004 11:49, Tomas Florian wrote:
> Hello,
>
> I have a masquerade setup on my router in the following way:
>
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> Additionally I'm prerouting all of the HTTP traffic to a second server
> (192.168.0.2) because that's where I have my Apache running.
>
> $IPTABLES -t nat -A PREROUTING -i $EXTIF -p TCP --dport 80 -j DNAT --to 192.168.0.2:80
>
> This works great ... when I'm on the outside network I can get to my web
> server and all my internal clients have access to the internet.
>
> The problem is that when I'm on the internal network (192.168.0.x) and I'm
> trying to get to my web server, let's say: www.bla.com, which has public IP
> say: 139.142.1.100, the prerouting rule above does not work anymore.

I'm not sure why you would want to send a request to your external address when you're on the internal network?

> It
> just looks for a web server running on the router machine which is not what
> I want. I suspect I know why it's doing it, but I'm not sure what the
> solution is ... or if there even is any. My understanding of NAT is that
> it is translating the addresses only in one direction, so the problem I'm
> having arises because I'm asking it to do NAT in the direction that it is
> not set up to work.
>
> My temporary solution is to go to the web server by typing
> http://192.168.0.2 but this is not what I want at all.

Put an entry in /etc/hosts:

192.168.0.2 www.bla.com

> I also tried taking out the -i $EXTIF from my rule but that didn't help
> either:
> $IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -j DNAT --to 192.168.0.2:80
>
> Any ideas anyone?

HTH,
Curtis

>
> Thanks,
> Tomas
>
> _______________________________________________
> clug-talk mailing list
> [EMAIL PROTECTED]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca

