-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 10 February 2002 10:39 pm, Ramon Acedo wrote:
> Hi!
>
> I'd like to access the hosts of my intranet with private IPs from the
> outside.
> I have the following net:
>
> A real domain name server managed by the computer which has the real IP, so
> I can set all the names and
> subdomains that I need.
> A firewall which is the same host as the DNS server I told before, I've
> got iptables in that host
> and it masquerades my intranet so the other hosts with private IPs use it
> as default gateway.
>
> I just want that when someone tries to access host1.mydomain.net from the
> internet my firewall (and DNS server)
> forwards the request to host1.local which has the private IP 192.168.1.20.

I don't think that you can do that.

Think about the problem from the perspective of IP numbers only (i.e. forget
the names for the moment). The only IP address the rest of the world can see
is your single IP address. Therefore all requests (after name resolution)
must point to that address.

Your only way round this is to forward specific ports using iptables. So for
instance if you wanted to run a web service on your gateway box and another
web service on an internal box then you could cause port 8080 to be forwarded
with a command like

    iptables -t nat -A PREROUTING -i $INETIF -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.20:80

where INETIF is something like eth0 or ppp or whatever device your external
internet connection is on. [You may be able to forward ranges of ports like
this - man iptables implies you can, but I haven't tried it]

Connecting to port 80 would go to the gateway box, connecting to 8080 would
be forwarded to port 80 of the internal box.

- -- 
Alan - [EMAIL PROTECTED]
http://www.chandlerfamily.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Z3KS1mf3M5ZDr2kRAnAlAKCA+ZELFrH2Jl81LSylqil1pO/O7ACdEOcj
xVR3uKF6mdbT3jucEj3gKJM=
=Byhp
-----END PGP SIGNATURE-----
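
An added example, not part of the message above or of its author's setup: a shell helper that prints the DNAT rule from the reply together with a matching FORWARD rule, which is needed when the gateway's FORWARD chain does not accept by default. The function names are hypothetical, eth0 stands in for $INETIF, and it is assumed that reply traffic is already permitted by the existing masquerading rules.

```shell
#!/bin/sh
# Added example (not from the original message): print, for review, the rules
# that publish one internal TCP service through a masquerading gateway.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only RFC 1918 targets (10/8, 172.16/12, 192.168/16), so a typo
# cannot turn the gateway into a relay to an arbitrary public host.
is_private_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# forward_rules INETIF EXT_PORT INT_IP INT_PORT
forward_rules() {
    case "$1" in ''|*[!A-Za-z0-9_.+-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$2" && valid_port "$4" || { echo "bad port" >&2; return 1; }
    is_private_ipv4 "$3" || { echo "not a private address: $3" >&2; return 1; }
    # nat/PREROUTING rewrites the destination before routing (rule from the reply).
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination $3:$4"
    # filter/FORWARD runs after DNAT, so it matches the internal address and port.
    # Assumption: replies are already allowed out by the existing masquerading rules.
    echo "iptables -A FORWARD -i $1 -p tcp -d $3 --dport $4 -j ACCEPT"
}

# The mapping from the reply, with eth0 standing in for $INETIF.
forward_rules eth0 8080 192.168.1.20 80
```

The FORWARD rule names the single internal address and port, so only the published service becomes reachable from outside, not the rest of the intranet.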