[TriLUG] iptables routing help

Brian Henning via TriLUG trilug at trilug.org
Wed Apr 8 11:33:20 EDT 2020


When I was facing this problem, I had to fix it with DNS; that is, I had to make sure that clients on the local network resolve the hostname to the internal IP address.

I'm running dnsmasq on my network for DHCP and DNS caching, so it wasn't a big deal to set it up.  YMMV.

-B

-----Original Message-----
From: TriLUG <trilug-bounces+bhenning=pineresearch.com at trilug.org> On Behalf Of Steve Kuekes via TriLUG
Sent: Wednesday, April 8, 2020 11:20 AM
To: trilug at trilug.org
Subject: [TriLUG] iptables routing help

I need help with an Iptables routing problem.  Here is my setup.


Internet <==> Linux Server with Iptables NAT firewall <==> local net

              107.5.x.x                   192.168.1.1      192.168.1.0/24

I have a web server on my internal network 192.168.1.13.  My Linux server has a DNS entry for abc.com that points to the Internet address of my Iptables firewall (107.5.x.x).  I have enabled port forwarding on the NAT firewall so that when I go to the web site http://abc.com I get port forwarded to the internal web server at 192.168.1.13.  This works fine when the client (like my phone) making the request is connected to the internet or another network behind a firewall.

The problem is that I would like to be able to make the same request from a client (my phone) when it is connected to the Wifi on my local network.  When this request is made I get connected to the Apache that is running on the IPtables server, not my server at 192.168.1.13.  If I make the request using the URL http://192.168.1.13 then everything works just fine.  I would like to make the request work so I can use the same URL regardless of whether the request is coming from the internet or from a client on my local network.

Here are my NAT firewall rules

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
-A PREROUTING -p tcp -m tcp --dport 80 -i eth2 -j DNAT --to 192.168.1.13:80


I have tried Googling but I cannot seem to find something that is this problem. Anybody got an idea or a pointer to a page with a similar solution?

Thanks

--
Steve Kuekes

Fisherman: 2007 Sea Fox 225 Bay Fisher
email: steve at kuekes.com
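
An added example, not part of either message: a small Python trace of the two nat rules quoted above, showing why a port-80 request arriving on the Internet-side interface is rewritten to 192.168.1.13 while the same request from a LAN client is not. It assumes eth2 is the Internet-facing interface (inferred from the rules) and uses eth1 as a hypothetical name for the LAN-side interface; the function names are illustrative.

```python
# The nat rules quoted in the message above (iptables-save format).
RULES = """\
-A POSTROUTING -o eth2 -j MASQUERADE
-A PREROUTING -p tcp -m tcp --dport 80 -i eth2 -j DNAT --to 192.168.1.13:80
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the options it uses."""
    tok = line.split()
    rule = {"chain": tok[1]}
    flags = {"-i": "in_if", "-o": "out_if", "-p": "proto",
             "--dport": "dport", "-j": "target", "--to": "to"}
    i = 2
    while i < len(tok):
        if tok[i] in flags:
            rule[flags[tok[i]]] = tok[i + 1]
            i += 2
        elif tok[i] == "-m":
            i += 2  # match-module name; carries no condition of its own
        else:
            i += 1
    return rule

def prerouting_verdict(rules, in_if, proto, dport):
    """Say where a packet addressed to the firewall's public IP ends up."""
    for r in rules:
        if r["chain"] != "PREROUTING":
            continue
        if r.get("in_if", in_if) != in_if:
            continue  # -i limits the rule to one arrival interface
        if r.get("proto", proto) != proto:
            continue
        if r.get("dport", str(dport)) != str(dport):
            continue
        if r["target"] == "DNAT":
            return "DNAT to " + r["to"]
    # Nothing rewrote the destination, so it is still the firewall's own
    # address and the packet goes to a local socket (Apache on the firewall).
    return "local delivery on firewall"

PARSED = [parse_rule(l) for l in RULES.splitlines() if l.startswith("-A")]

if __name__ == "__main__":
    # eth1 as the LAN-side interface is an assumption; the page only names eth2.
    for iface in ("eth2", "eth1"):
        print(iface, "->", prerouting_verdict(PARSED, iface, "tcp", 80))
```

With the DNS approach from the reply, LAN clients resolve the name to 192.168.1.13 and connect to it directly, so the request never depends on this PREROUTING rule.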
