LinuxQuestions.org
Old 04-07-2013, 10:23 AM   #1
902849821
LQ Newbie
 
Registered: Apr 2013
Posts: 3

Rep: Reputation: Disabled
NAT Loopback and iptables


Hello, please can you help and explain this to me.
I have two servers. Both are RHEL6.
My map of the network:
https://docs.google.com/drawings/d/1...it?usp=sharing
I use the first one as a router and the second one for Apache.
The router forwards port 80 to the second server and I can open it from the internet (mysite.com, for example). But I cannot open mysite.com if I try to open it from the local network (Clients).
As far as I know, I have to add NAT loopback rules in iptables, but I have no idea which rules.
Please, help me ...
If it is important, I use MASQUERADE, because my external IP is dynamic.
Now my iptables looks like that:
Code:
[root@hprouter ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     tcp  --  0.0.0.0/0            10.0.1.15           state NEW tcp dpt:80 
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:10.0.1.15:80 

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
 
Old 04-10-2013, 10:02 PM   #2
hamlindsza
Member
 
Registered: Aug 2012
Distribution: Debian, CentOS
Posts: 74

Rep: Reputation: Disabled
iptables -t nat -I POSTROUTING -p tcp -s 10.0.1.0/24 -d 10.0.1.15 --dport 80 -j ACCEPT

Make sure that the rule is above the MASQUERADE Rule.
 
Old 04-11-2013, 05:59 PM   #3
902849821
LQ Newbie
 
Registered: Apr 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by hamlindsza
iptables -t nat -I POSTROUTING -p tcp -s 10.0.1.0/24 -d 10.0.1.15 --dport 80 -j ACCEPT

Make sure that the rule is above the MASQUERADE Rule.
Thank you for your answer.

Unfortunately, it is not working.
 
Old 04-14-2013, 08:44 AM   #4
ubolix
LQ Newbie
 
Registered: Apr 2013
Posts: 2

Rep: Reputation: Disabled
Hi! I have been searching for a solution to do NAT loopback using iptables for about a week now, and I have found many, many different solutions. I have tried all of them, but unfortunately I got none of them working.
It could be that I just have too limited knowledge about iptables, I don't know...
Anyway, I was prepared to give up when yesterday I stumbled upon Arno's iptables firewall, which is basically a bash script setting up the firewall for you.

I installed it, enabled the plugin "nat loopback", and voila, it just worked.
I run Ubuntu 12.04, but I guess it will work in other distros as well...

I really recommend this package. Make sure you download the latest version, 2.0.1d, where the "nat loopback" plugin is included.
 
Old 04-14-2013, 08:48 AM   #5
902849821
LQ Newbie
 
Registered: Apr 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ubolix
Hi! I have been searching for a solution to do NAT loopback using iptables for about a week now, and I have found many, many different solutions. I have tried all of them, but unfortunately I got none of them working.
It could be that I just have too limited knowledge about iptables, I don't know...
Anyway, I was prepared to give up when yesterday I stumbled upon Arno's iptables firewall, which is basically a bash script setting up the firewall for you.

I installed it, enabled the plugin "nat loopback", and voila, it just worked.
I run Ubuntu 12.04, but I guess it will work in other distros as well...

I really recommend this package. Make sure you download the latest version, 2.0.1d, where the "nat loopback" plugin is included.
Wow, that is good news.

One question. Do you have static or dynamic external IP?

Thank you.
 
Old 04-14-2013, 08:53 AM   #6
ubolix
LQ Newbie
 
Registered: Apr 2013
Posts: 2

Rep: Reputation: Disabled
My external IP is dynamic; however, since I never turn off my stuff, the IP almost never changes, so I consider it almost static even if it isn't.
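
Added example (not part of any post in this thread, and not taken from Arno's firewall): the three rules a NAT loopback setup needs when the WAN address is dynamic, printed as a dry run. It assumes clients and web server share 10.0.1.0/24, as the rule in post #2 implies, and that the router's LAN interface is called eth1, which is a made-up name.

```shell
#!/bin/sh
# Added example, not from the thread. LAN_NET and SERVER come from the rule
# quoted in post #2; LAN_IF is an assumed name for the router's LAN interface.
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.0.1.0/24}"
SERVER="${SERVER:-10.0.1.15}"
PORT="${PORT:-80}"

# Print each command by default; run with APPLY=1 as root to install the rules.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

hairpin_rules() {
    # 1. A LAN client that connects to any address owned by the router itself
    #    (addrtype LOCAL covers the current WAN address, so a dynamic IP needs
    #    no hard-coding) on $PORT is redirected to the web server.
    ipt -t nat -I PREROUTING 1 -i "$LAN_IF" -s "$LAN_NET" -p tcp \
        --dport "$PORT" -m addrtype --dst-type LOCAL \
        -j DNAT --to-destination "$SERVER:$PORT"

    # 2. Rewrite the source to the router's LAN address so the server answers
    #    the router, which then reverses both translations. Without this, a
    #    server on the clients' subnet replies to the client directly from
    #    its own address and the reply matches no connection on the client.
    #    The target has to be MASQUERADE or SNAT: ACCEPT here ends the chain
    #    with the source untouched.
    ipt -t nat -I POSTROUTING 1 -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER" \
        -p tcp --dport "$PORT" -j MASQUERADE

    # 3. Let the redirected connection through the filter table; replies are
    #    covered by the existing RELATED,ESTABLISHED rule.
    ipt -I FORWARD 1 -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER" \
        -p tcp --dport "$PORT" -m state --state NEW -j ACCEPT
}

hairpin_rules
```

The `service iptables status` listing in the first post does not show interface matches; `iptables -t nat -L -n -v` does, which helps confirm which interface an existing DNAT or MASQUERADE rule applies to.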
 
  


All times are GMT -5. The time now is 03:00 AM.
