I have a Linux box acting as a NAT firewall for my internal network. On the internal network is a server running on port 4000 on a Windows 2003 box.
I want to forward all connections into the firewall's pubic IP address on port 4000 to port 4000 on the Windows box, using iptables.
The Windows box's internal IP address is 192.168.1.6 and the firewall's external interface's (public IP) address is 67.109.203.170. I'm currently using the following iptables rules to do this. . .
iptables -A FORWARD -p tcp -s 0/0 -i eth0 -d 192.168.1.6 --destination-port 4000
--syn -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -i eth0 -d 67.109.203.170 --destination-port 4000 -j DNAT --to-destination 192.168.1.6
Now these rules ARE WORKING as intended, with one exception: if I try to connect to 67.109.203.170:4000 from a PC on the internal network (i. e. 192.168.1.x), it doesn't work.
In other words, if I do
telnet 67.109.203.170 4000
from the outside of the private network, a connection is made, but not if I do it from within the private network, it doesn't
Can you tell me how I can correct the iptables rules so a connection to <external IP>:4000 can be made internally as well?
Incidentally, I know if replace the Linux box firewall with an off-the-shelf router and config the router for port forwarding on 4000, it WILL do the above (i. e. allow the connection from both inside and outside the network).
Thanks.