LinuxQuestions.org
Old 08-11-2004, 06:37 PM   #1
jankarlsen
LQ Newbie
 
Registered: Aug 2004
Posts: 3

Rep: Reputation: 0
Problem with routing.


Hi all.

I got one router, one mail server and one web server.

router = localnet: 192.168.0.1
web = 192.168.0.101
mail = 192.168.0.102

When I'm outside my network and try to resolve one address to the web server it works fine. No problems, so it all works out fine from outside of the network.

The problem starts when I take my laptop to the office and then try to use a DNS that is pointing to my web server, it can't find it. So it seems like it's missing a u-turn somewhere.

These are my scripts, just the basics:

masq.sh
EXTIF="eth0"
INTIF="eth1"
# iptables binary, same path that forward.sh uses
IPTABLES="/usr/sbin/iptables"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

forward.sh

/usr/sbin/iptables -t filter -A FORWARD -i eth0 -d 192.168.0.101 -p tcp --dport 80 -j ACCEPT

# -d takes an address, not an interface name; 80.203.220.246 is the router's external IP
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 80.203.220.246 --dport 80 -j DNAT --to 192.168.0.101:80

Anyone got a clue what could be wrong?

Jan Karlsen
 
Old 08-12-2004, 12:29 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
What IP address does your DNS address resolve to?
dig www.yourhost.com A
 
Old 08-12-2004, 12:35 PM   #3
jankarlsen
LQ Newbie
 
Registered: Aug 2004
Posts: 3

Original Poster
Rep: Reputation: 0
karlsen@gandalf:~$ dig koze.net A

; <<>> DiG 9.2.2 <<>> koze.net A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9239
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;koze.net. IN A

;; ANSWER SECTION:
koze.net. 1813 IN A 80.203.220.246

;; Query time: 25 msec
;; SERVER: 217.13.4.24#53(217.13.4.24)
;; WHEN: Thu Aug 12 19:34:08 2004
;; MSG SIZE rcvd: 42

karlsen@gandalf:~$

80.203.220.246 is my router's IP.
 
Old 08-12-2004, 12:45 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Your router is probably not capable of looping back natting. Your best bet is to override the DNS entry in your hosts file with an entry like:
192.168.0.101 koze.net
 
Old 08-12-2004, 05:16 PM   #5
jankarlsen
LQ Newbie
 
Registered: Aug 2004
Posts: 3

Original Poster
Rep: Reputation: 0
That's what I want my router to do, using iptables...

Jan
 
Old 08-12-2004, 10:37 PM   #6
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
I would highly recommend setting up a local DNS server to resolve mail and www to local IP addresses and leave port forwarding on the local subnet alone. But here's your rope :)

Take a look at http://lists.netfilter.org/pipermail...ly/036620.html

My head isn't screwed on right, but I might play with this later. Post back if you get results. I would definitely test this out on other ports, because it may screw up your regular traffic.

Good Luck,
chris
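
The loopback ("hairpin") NAT asked for in this thread, as an added example that is not part of any post and is not taken from the linked netfilter message. The addresses and interface come from the thread; the /24 netmask and the function name hairpin_rules are assumptions.

```shell
#!/bin/sh
# Hairpin NAT for a LAN client that dials the router's public address.
# The function only prints the rules so they can be reviewed first.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"

# hairpin_rules PUBLIC_IP LAN_CIDR LAN_IF SERVER_IP PORT  (hypothetical helper)
hairpin_rules() {
    [ "$#" -eq 5 ] || { echo "usage: hairpin_rules PUBLIC_IP LAN_CIDR LAN_IF SERVER_IP PORT" >&2; return 2; }
    pub=$1 lan=$2 lanif=$3 srv=$4 port=$5
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac

    # 1. Redirect LAN clients that target the public address to the
    #    internal server, the same way outside clients are redirected.
    echo "$IPTABLES -t nat -A PREROUTING -i $lanif -s $lan -d $pub -p tcp --dport $port -j DNAT --to-destination $srv:$port"

    # 2. Rewrite the source to the router's LAN address. Without this the
    #    server answers the client directly from its own address, and the
    #    client drops the reply because it was talking to the public IP.
    #    Side effect: the server's logs show the router as the source of
    #    every hairpinned connection.
    echo "$IPTABLES -t nat -A POSTROUTING -o $lanif -s $lan -d $srv -p tcp --dport $port -j MASQUERADE"

    # 3. The FORWARD policy in masq.sh is DROP, so traffic entering and
    #    leaving on the LAN interface must be allowed explicitly, scoped
    #    to this one server and port.
    echo "$IPTABLES -A FORWARD -i $lanif -o $lanif -s $lan -d $srv -p tcp --dport $port -j ACCEPT"
    echo "$IPTABLES -A FORWARD -i $lanif -o $lanif -s $srv -d $lan -p tcp --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Values from the thread; 192.168.0.0/24 is an assumed netmask.
hairpin_rules 80.203.220.246 192.168.0.0/24 eth1 192.168.0.101 80
```

Review the printed rules, then pipe them to sh as root to apply them. The hosts-file or local DNS approach from the replies avoids sending LAN traffic through the router at all.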