[SGVLUG] iptables problem
Chris Nolan
chris at invert.com
Tue Apr 10 12:53:34 PDT 2007
Michael,
I've had the problem before and solved it with an iptables prerouting dnat rule
as follows:
/sbin/iptables -t nat -A PREROUTING -i "Internal-Interface" -p tcp -d "External-IP-or-Host-Name" --dport "port" -j DNAT --to "InternalIP":"port"
Replace everything in parens with the appropriate port/ip/interface.
C
* Michael Proctor-Smith <mproctor13 at gmail.com> [2007-04-10 12:31:22 -0700]:
> Anyone else out there have servers available behind their firewall but
> can not access them from behind their firewall? I have a couple of
> servers behind my linux based router(openwrt) namely sgvlug and my
> personal server. They are available from the outside world and when
> connected wirelessly(which is on a different subnet) but when you are
> on the inside let's say 192.168.5.X address you can not access the
> outside ip address which is a SNAT to another 192.168.5.X address.
>
> The only thing that I found that seems to apply to this problem that
> google found for me was to disable icmp redirects which are the
> default thing since the two hosts are on the same ethernet segment.
> This did not make a difference.
>
> I know I could solve this problem with dns and is what I used to do
> and have done when I was behind a cisco firewall and cisco said it was
> not possible. But I would have to serve different dns results to my
> wireless and wired network, and I would like for it to work correctly
> and not be a kludge.
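
An added example, not part of the original thread: when the client and the server sit on the same subnet (the 192.168.5.X case in the question), a destination rewrite alone lets the server reply straight to the client, which discards the reply because it comes from an address it never contacted. This sketch prints the PREROUTING DNAT rule together with a matching POSTROUTING SNAT rule so replies return through the router. The interface name br-lan and every address are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit hairpin-NAT rules for review. All values are constructed.

# Succeeds if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits/dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is a TCP port number 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: hairpin_rules LAN_IF EXT_IP PORT SERVER_IP LAN_CIDR ROUTER_LAN_IP
# Prints two iptables commands; returns 1 without output on invalid input,
# so the result is safe to review and then feed to a root shell.
hairpin_rules() {
    lan_if=$1 ext_ip=$2 port=$3 server_ip=$4 lan_net=$5 router_ip=$6
    case "$lan_if" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$lan_net" in */*) ;; *) return 1 ;; esac
    case "${lan_net#*/}" in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    is_ipv4 "${lan_net%/*}" && is_ipv4 "$ext_ip" && is_ipv4 "$server_ip" \
        && is_ipv4 "$router_ip" && is_port "$port" || return 1
    # 1) Destination rewrite: LAN client -> external IP becomes -> server.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp -d $ext_ip" \
         "--dport $port -j DNAT --to-destination $server_ip:$port"
    # 2) Source rewrite: the server then answers the router, not the client
    #    directly, so the reply is un-NATed before the client sees it.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -p tcp -s $lan_net" \
         "-d $server_ip --dport $port -j SNAT --to-source $router_ip"
}

# Dry run with constructed values (br-lan assumed as the LAN bridge name).
hairpin_rules br-lan 203.0.113.10 80 192.168.5.20 192.168.5.0/24 192.168.5.1
```

With the SNAT rule in place the server's logs show the router's LAN address as the client for hairpinned connections, which matters for any per-source access control or log analysis on that server.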