[TriLUG] iptables routing help

John Franklin via TriLUG trilug at trilug.org
Wed Apr 8 12:30:01 EDT 2020


NAT Reflection is what you’re looking for.

jf
-- 
John Franklin
franklin at elfie.org



> On Apr 8, 2020, at 11:19, Steve Kuekes via TriLUG <trilug at trilug.org> wrote:
> 
> I need help with an Iptables routing problem.  Here is my setup.
> 
> 
> Internet <==> Linux Server with Iptables NAT firewall <==> local net
> 
> 107.5.x.x 192.168.1.1 192.168.1.0/24
> 
> I have a web server on my internal network 192.168.1.13.  My Linux server has a DNS entry for abc.com that points to the Internet address of my Iptables firewall (107.5.x.x).  I have enabled port forwarding on the NAT firewall so that when I go to the web site http://abc.com I get port forwarded to the internal web server at 192.168.1.13.  This works fine when the client (like my phone) making the request is connected to the internet or another network behind a firewall.
> 
> The problem is that I would like to be able to make the same request from a client (my phone) when it is connected to the Wifi on my local network.  When this request is made I get connected to the Apache that is running on the IPtables server, not my server at 192.168.1.13.  If I make the request using the URL http://192.168.1.13 then everything works just fine.  I would like to make the request work so I can use the same URL regardless of whether the request is coming from the internet or from a client on my local network.
> 
> Here are my NAT firewall rules
> 
> *nat
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -o eth2 -j MASQUERADE
> -A PREROUTING -p tcp -m tcp --dport 80 -i eth2 -j DNAT --to 192.168.1.13:80
> 
> 
> I have tried Googling but I cannot seem to find something that is this problem.  Anybody got an idea or a pointer to a page with a similar solution?
> 
> Thanks
> 
> -- 
> Steve Kuekes
> 
> Fisherman: 2007 Sea Fox 225 Bay Fisher
> email: steve at kuekes.com
> 
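What NAT reflection (hairpin NAT) looks like for the setup in this thread, as an added example that is not part of either message. The function name `hairpin_rules` is hypothetical, and 203.0.113.10 is a constructed documentation address standing in for the elided public address 107.5.x.x; the emitted lines are meant to sit in the `*nat` section next to the existing rules.

```shell
#!/bin/sh
# Added example: emit iptables-restore *nat lines for NAT reflection.
# hairpin_rules is a hypothetical helper; every argument is an assumption
# about the poster's network that the caller must supply.
hairpin_rules() {
    wan_ip=$1 lan_net=$2 server=$3 port=$4
    # Refuse placeholders such as 107.5.x.x: the rules need literal addresses.
    for addr in "$wan_ip" "$server"; do
        case $addr in
            *[!0-9.]*|"")
                echo "not a literal IPv4 address: $addr" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
# 1. LAN clients connecting to the public address are sent to the web server.
#    The existing DNAT rule never sees them because it only matches -i eth2.
-A PREROUTING -s $lan_net -d $wan_ip -p tcp -m tcp --dport $port -j DNAT --to-destination $server:$port
# 2. Rewrite the source of that redirected traffic to the firewall, so the
#    server answers through the firewall. A direct reply would arrive from
#    $server instead of $wan_ip and the client would discard it.
-A POSTROUTING -s $lan_net -d $server -p tcp -m tcp --dport $port -j MASQUERADE
EOF
}

# Constructed sample call: 203.0.113.10 replaces the elided 107.5.x.x.
hairpin_rules 203.0.113.10 192.168.1.0/24 192.168.1.13 80
```

If the filter table's FORWARD chain is restrictive, it also has to accept this LAN-to-LAN flow. With rule 2 in place the web server logs the firewall's LAN address as the client for requests made from inside the network.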


