Destination NAT Onto the Same Network from internal clients
Posted by mivi on Server Fault, published on 2012-04-06T18:01:44Z
I have a DSL router which acts as NAT (SNAT & DNAT). I have setup a server on internal network (10.0.0.2 at port 43201). DSL router was configured to "port forward" (or DNAT) all incoming connections to 10.0.0.2:43201.
I created a virtual server for port forwarding on the DSL router. I also added the following iptables rules for port forwarding.
iptables -t nat -A PREROUTING -p tcp -i ppp_0_1_32_1 --dport 43201 -j DNAT --to-destination 10.0.0.2:43201
iptables -I FORWARD 1 -p tcp -m state --state NEW,ESTABLISHED,RELATED -d 10.0.0.2 --dport 43201 -j ACCEPT
# ppp_0_1_32_1 is the router's external interface.
# The router's internal IP address is 10.0.0.1 and the server is set up at 10.0.0.2:43201
The problem is that connections coming from external IP addresses are able to access the internal server using the external IP address, but internal clients (under NAT) are not able to access the server using the external IP address.
Example: http://<external_address>:43201 is working from external clients
But internal clients are not able to access it using http://<external_address>:43201
This seems to be similar to the problem described in http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html (NAT HOW-TO Destination NAT Onto the Same Network).
Firstly, I am not able to understand why this is a problem for internal clients. Secondly, what iptables rule will enable internal clients to access the server using the external IP address? Please suggest.
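The following script is an added example, not part of the question above and not the poster's configuration. It builds the two extra rules that hairpin (NAT loopback) needs on top of the existing port forward, and the comments walk through why the existing rule set fails for LAN clients. It assumes the router's LAN-side interface is named br0, the LAN prefix is 10.0.0.0/24, and a placeholder public address 198.51.100.10 (replace it, or export EXT_ADDR, with the real one); the server address, port and external interface name are the ones from the question.

```sh
#!/bin/sh
# Hairpin (NAT loopback) rules for a LAN client reaching a DNATed server via the
# router's public address. Example only, not the poster's config.

EXT_IF="ppp_0_1_32_1"                   # router's external interface (from the question)
LAN_IF="${LAN_IF:-br0}"                 # ASSUMPTION: router's LAN-side interface name
LAN_NET="${LAN_NET:-10.0.0.0/24}"       # ASSUMPTION: LAN prefix; router itself is 10.0.0.1
SERVER="10.0.0.2"                       # internal server (from the question)
PORT="43201"                            # forwarded port (from the question)
EXT_ADDR="${EXT_ADDR:-198.51.100.10}"   # PLACEHOLDER public address (TEST-NET-2), set the real one

# Why the original setup fails for LAN clients:
#  1. The existing PREROUTING DNAT rule matches only "-i ppp_0_1_32_1". A packet
#     from 10.0.0.x to EXT_ADDR:43201 enters on the LAN interface, so it is never
#     rewritten and is delivered to the router itself, which is not listening there.
#  2. Even with DNAT on the LAN side, the server would see the client's real
#     10.0.0.x source and answer it directly across the LAN. The client is waiting
#     for a reply from EXT_ADDR, receives one from 10.0.0.2, and discards it.
# Rule 1 fixes (1); rule 2 (SNAT) fixes (2) by forcing the reply back via the router,
# which reverses both translations using its conntrack entry.

# Rule 1: DNAT for traffic that arrives on the LAN interface addressed to the
# public address. (With a dynamic PPP address, "-m addrtype --dst-type LOCAL"
# can replace "-d $EXT_ADDR"; it also matches the router's LAN address, though.)
lan_dnat_rule() {
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -d $EXT_ADDR -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
}

# Rule 2: hairpin SNAT. MASQUERADE picks the outgoing interface's address, i.e.
# 10.0.0.1 on the LAN, so the server replies to the router, not to the client.
# Side effect: the server's logs show 10.0.0.1 for all hairpinned clients.
lan_snat_rule() {
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $SERVER -p tcp --dport $PORT -j MASQUERADE"
}

# The question's FORWARD rule already accepts NEW traffic to 10.0.0.2:43201 on any
# interface, so the hairpinned packet (LAN in, LAN out) passes it; the reply needs
# the usual ESTABLISHED,RELATED accept in FORWARD, which this rule provides.
forward_reply_rule() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Print the commands when DRY_RUN=1, otherwise execute them (needs root).
apply_rule() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$1"
    else
        eval "$1"
    fi
}

apply_hairpin() {
    apply_rule "$(lan_dnat_rule)"
    apply_rule "$(lan_snat_rule)"
    apply_rule "$(forward_reply_rule)"
}

# Usage: sh hairpin.sh show   (print rules)   |   sh hairpin.sh apply   (install them)
case "${1:-}" in
    show)  DRY_RUN=1 apply_hairpin ;;
    apply) apply_hairpin ;;
esac
```

Run it with `show` first and compare the printed rules against `iptables -t nat -S`; a quick check after applying is `conntrack -L -p tcp --dport 43201` (or `cat /proc/net/nf_conntrack`) from a LAN client's connection, which should show both the DNAT and the SNAT translation on one entry.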
© Server Fault or respective owner