LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-01-2002, 05:06 AM   #1
kajboj
LQ Newbie
 
Registered: Feb 2002
Location: san francisco
Posts: 3

Rep: Reputation: 0
Question iptables and EXTIP access from LAN


Hi,

I have a RedHat 7.2 box configured as a firewall with IP masquerading. The setup is rather basic: DSL ROUTER <-> FIREWALL <-> SWITCH <-> (WEBSERVER, INTERNAL MACHINE 1, INTERNAL MACHINE 2, ETC) and for the most part works fine. External machines are able to access the webserver through the firewall, and internal machines can access the webserver via its LAN IP address. The problem I have is that internal machines can't reach the webserver via the firewall's EXTIP address. In other words, if I "telnet mydomain.com" on an internal machine, DNS (from outside my LAN) returns the correct IP address but the machine can't establish a connection, whereas the same test works fine if I perform it on a machine outside the firewall. In summary, it seems there's a problem with machines on the LAN accessing other machines on the LAN through the firewall.

I'm using the seemingly-standard rc.firewall 0.63 script (copied off linuxdoc.org), with a few modifications for allowing external access to my LAN. I figure I need to add a rule that forwards port 80 LAN traffic destined for the firewall EXTIP address to the webserver, but haven't been able to make it work. I've been looking all over for help and can't find what I need, so I'd love to hear everyone's suggestions on what might be wrong. Let me know if I should post my iptables config (or anything else).

Many Thanks,
Alan
 
Old 02-06-2002, 12:11 PM   #2
manthram
Member
 
Registered: Feb 2002
Location: Fairfax, VA
Distribution: RedHat 8, Mandrake9.1, Slack9
Posts: 456

Rep: Reputation: 31
you need to DNAT the requests from the local net too. by your description I can see that you are using DNAT only for the ext network. There is a good howto for this in the netfilter site. I am giving the address for it.

http://netfilter.samba.org/documenta...-HOWTO-10.html

good luck.

manthram

Last edited by manthram; 02-06-2002 at 12:12 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
deny ssh access from lan with iptables NuLLiFiEd Linux - Security 10 12-01-2005 07:11 PM
How to configure an iptables extdev and extip that uses dynamic ip? Niceman2005 Linux - Networking 1 10-11-2005 09:43 PM
IPTABLES How to access to web server on gateway from LAN? kozaki Linux - Networking 4 08-26-2005 11:27 AM
Allowing access to FTP server on LAN using IPTABLES - Help please sergio3986 Linux - Security 2 12-18-2003 12:22 PM
iptables and EXTIP access from LAN kajboj Linux - Networking 1 02-04-2002 04:09 AM


All times are GMT -5. The time now is 03:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration