[NCLUG] Pretty Pesky Port Passing Problem
Kevin Fenzi
kevin at scrye.com
Mon Mar 24 11:29:51 MST 2003
>>>>> "Rich" == Rich Young <rich at ExperiencePlus.Com> writes:
Rich> We've recently installed a new web server on our network, inside
Rich> the firewall, and simply port-passed :80 to the new server from
Rich> the firewall/former webserver. It works great if you're outside
Rich> the building, but anyone inside the firewall can no longer
Rich> simply type in the URL of our website and get it to load. Using
Rich> the internal IP address does work, but my co-workers would like
Rich> to avoid memorizing any IP addresses....
Rich> Does anyone have any advice on resolving this problem?
Are you using iptables on your firewall?
If so, the problem I have seen before is that the firewall doesn't
know that it should NAT internal IPs to the external addresses.
So, something like:
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j SNAT -s <internalnet> --to-source <external ip>
Where eth1 is my internal interface.
Allows it to talk to the external IPs from internal addresses.
kevin
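A small model of the packet flow behind the SNAT rule in the reply above, added here as an example and not part of the original post. It shows why an internal client's connection to the external address fails when only the port-forward (DNAT) is applied, and why rewriting the source of internal traffic fixes it. All addresses are constructed sample values, and the function names are hypothetical.

```python
# Toy model of NAT loopback ("hairpin") on a port-forwarding firewall.
# All addresses are constructed sample values, not taken from the thread.
import ipaddress

EXT_IP = "203.0.113.10"      # firewall's public address (assumed)
WEB_IP = "192.168.1.20"      # internal web server (assumed)
CLIENT = "192.168.1.50"      # internal workstation (assumed)
LAN = ipaddress.ip_network("192.168.1.0/24")


def firewall_forward(src, dst, snat_internal):
    """Apply PREROUTING DNAT, then optionally POSTROUTING SNAT.

    Returns the rewritten (src, dst) and the conntrack entry the firewall
    needs to undo the translation on the reply.
    """
    conntrack = {"orig": (src, dst)}
    if dst == EXT_IP:                      # port-forward :80 to the web server
        dst = WEB_IP
    if snat_internal and ipaddress.ip_address(src) in LAN:
        src = EXT_IP                       # SNAT internal sources, as in the reply
    return (src, dst), conntrack


def reply_path(server_sees, conntrack):
    """Return the (src, dst) of the reply as it arrives at the client."""
    req_src, req_dst = server_sees
    reply = (req_dst, req_src)             # server answers whoever it saw
    if ipaddress.ip_address(reply[1]) in LAN:
        return reply                       # same subnet: reply bypasses the firewall
    # Otherwise the reply is routed to the firewall, which reverses the NAT.
    o_src, o_dst = conntrack["orig"]
    return (o_dst, o_src)


def connection_works(client, snat_internal):
    """True if the reply reaches the client from the address it connected to."""
    server_sees, ct = firewall_forward(client, EXT_IP, snat_internal)
    reply_src, reply_dst = reply_path(server_sees, ct)
    return reply_dst == client and reply_src == EXT_IP


if __name__ == "__main__":
    for snat in (False, True):
        print(f"internal client, SNAT={snat}: works={connection_works(CLIENT, snat)}")
    print(f"external client, SNAT=False: works={connection_works('198.51.100.7', False)}")
```

Without the SNAT rule the web server answers the workstation directly from its internal address, so the workstation sees a reply from a host it never contacted and discards it.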