iptables question

Posted by RubyFreak on Server Fault See other posts from Server Fault or by RubyFreak
Published on 2011-03-04T16:51:10Z Indexed on 2011/03/07 8:11 UTC
Read the original article Hit count: 279

Filed under:
|
|
|

i have a small network, with one valid IP and a firewall with 3 network interfaces (LAN, WAN, DMZ).

  • I want to enable PAT on this valid IP to redirect http traffic to a server in my DMZ. (done)
  • I want to enable MASQ on this ip from traffic that comes from my LAN (done)
  • I want from my LAN as well to access my http server at DMZ. (partially)

Question:

in the above scenario, i cannot from my LAN, to access my http server in the DMZ, since it has the IP used by the MASQ (the only valid ip that i have). What would be the best option to solve this problem?

network interfaces:

  • eth0 (WAN)
  • eth1 (DMZ)
  • eth2 (LAN)

    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    /sbin/iptables -A FORWARD --o eth1 -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT

    /sbin/iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2

    /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

    /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

    /sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

© Server Fault or respective owner

Related posts about linux

Related posts about networking