iptables mobile users prob
How do you set up iptables, using nat and forwarding, so that users can use the same server names inside and outside the firewall?
For example, here's a snippet from my firewall script:
iptables -t nat -A PREROUTING -i ppp0 -p tcp -d 1.2.3.4 --dport 25 -j DNAT --to 192.168.1.202:25
iptables -A FORWARD -i ppp0 -o eth1 -p tcp -m state --state NEW --syn -d 192.168.1.202 --dport 25 -j ACCEPT
Assume similar for UDP stuff.
Now, what is working now is that users outside the firewall can use the DNS name for SMTP, but users inside have to use the private address 192.168.1.202 or the internal DNS name that corresponds to it.
I can ping the external name from inside the firewall, but connections are refused. Any clues?
jonathan
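
An added example, not part of the original post: the DNAT rule above only matches packets arriving on ppp0, so connections from the LAN to 1.2.3.4 are never translated. The function below prints the extra "hairpin" rules for that case. It assumes LAN clients and the server share eth1, the LAN is 192.168.1.0/24, and the FORWARD chain already accepts ESTABLISHED traffic; none of that is stated in the post.

```shell
#!/bin/sh
# Hairpin NAT for the setup in the post: let LAN clients reach the internal
# server through the public address. Prints the rules instead of applying them.

PUB_IP=1.2.3.4          # public address (from the post)
SRV_IP=192.168.1.202    # internal server (from the post)
LAN_IF=eth1             # internal interface (from the post)
LAN_NET=192.168.1.0/24  # ASSUMED LAN prefix, adjust to the real one

# hairpin_rules PROTO PORT -> prints three iptables commands
hairpin_rules() {
    proto=$1
    port=$2
    # --syn is only valid with -p tcp, so drop it for udp
    syn=""
    if [ "$proto" = "tcp" ]; then
        syn="--syn "
    fi

    # 1. Same DNAT as the ppp0 rule, but for packets that arrive from the LAN.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p $proto -d $PUB_IP --dport $port -j DNAT --to $SRV_IP:$port"

    # 2. Rewrite the source to the firewall's LAN address. Without this the
    #    server answers the client directly from 192.168.1.202, and the client
    #    drops the reply because it was talking to 1.2.3.4.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -p $proto -d $SRV_IP --dport $port -j MASQUERADE"

    # 3. Permit the new connection to be forwarded in and out of the same interface.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -p $proto -m state --state NEW ${syn}-d $SRV_IP --dport $port -j ACCEPT"
}

# Review the output, then pipe it to sh as root to apply it.
hairpin_rules tcp 25
```

With rule 2 in place the server logs every LAN client as the firewall's internal address, so per-client SMTP access controls and log attribution on 192.168.1.202 no longer see the real source. Serving the public name from internal DNS with the private address avoids both the extra NAT and that loss of visibility.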