iptables question
Posted by RubyFreak on Server Fault
Published on 2011-03-04T16:51:10Z
I have a small network, with one valid IP and a firewall with 3 network interfaces (LAN, WAN, DMZ).
- I want to enable PAT on this valid IP to redirect http traffic to a server in my DMZ. (done)
- I want to enable MASQ on this IP for traffic that comes from my LAN. (done)
- I want my LAN to be able to access my http server in the DMZ as well. (partially)
Question:
In the above scenario, I cannot access my http server in the DMZ from my LAN, since it has the IP used by the MASQ (the only valid IP that I have). What would be the best option to solve this problem?
Network interfaces:
- eth0 (WAN)
- eth1 (DMZ)
- eth2 (LAN)
# Masquerade everything leaving via the WAN interface behind the valid IP
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Allow forwarded http traffic towards the DMZ web server
/sbin/iptables -A FORWARD -o eth1 -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT
# PAT: rewrite http traffic arriving on the WAN interface for the valid IP to the DMZ server
/sbin/iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2
# Replies and related traffic WAN -> DMZ
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# DMZ and LAN may reach the WAN
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
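The usual fix for this situation is "hairpin NAT": the PREROUTING rule above only matches packets arriving on eth0, so a LAN packet for 1.1.1.1:80 is never rewritten and ends up in the firewall's own INPUT chain. The script below is an added example, not part of the question or any answer on the page; it takes the interfaces and addresses from the question and assumes a LAN range of 192.168.1.0/24 and a firewall DMZ-side address of 2.2.2.1.

```shell
#!/bin/sh
# Added example: hairpin NAT so LAN clients reach the DMZ web server via the
# public IP. Interfaces and addresses are from the question; LAN_NET and
# FW_DMZ_IP are assumed values, adjust them to the real network.
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
PUBLIC_IP=1.1.1.1; DMZ_HTTP=2.2.2.2
LAN_NET=192.168.1.0/24   # assumed LAN range
FW_DMZ_IP=2.2.2.1        # assumed firewall address on the DMZ side

# Print each command instead of executing it when DRY_RUN=1, so the rule set
# can be reviewed (and this script tested) without root or a live firewall.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

hairpin_rules() {
    # Apply the same DNAT to http traffic that arrives from the LAN.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -d "$PUBLIC_IP" \
        -p tcp --dport 80 -j DNAT --to-destination "$DMZ_HTTP"
    # Forward the rewritten connection LAN -> DMZ and its replies back.
    run iptables -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -d "$DMZ_HTTP" \
        -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Optional: source-NAT only the LAN-originated hairpin flow to the
    # firewall's DMZ address. Routing works without it when the DMZ server's
    # only path to the LAN is the firewall, but it keeps LAN addresses out of
    # the DMZ server's view and keeps the flow symmetric if the DMZ ever gets
    # another route. Restricting by -s avoids hiding real WAN client IPs.
    run iptables -t nat -A POSTROUTING -o "$DMZ_IF" -s "$LAN_NET" \
        -d "$DMZ_HTTP" -p tcp --dport 80 -j SNAT --to-source "$FW_DMZ_IP"
}

# Only apply when invoked as "script.sh apply"; DRY_RUN=1 lists the rules.
if [ "${1:-}" = "apply" ]; then hairpin_rules; fi
```

The alternative is split-horizon DNS, where LAN clients resolve the server name to 2.2.2.2 directly and no extra NAT rules are needed.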
© Server Fault or respective owner