Old 04-26-2002, 07:26 AM   #1
LQ Newbie
Registered: Apr 2002
Posts: 2

Rep: Reputation: 0
Question How to access hosts from LAN through public ip?


I have a LAN and some services on the LAN's hosts. I also have a firewall (iptables) configured so you can access these services from the internet, using my public IP and proper port number (done with NAT).
But when I want to access the same service from the LAN, I have to use its local IP.

I wonder if it's possible to configure iptables on the firewall so I can write in my *local net* in browser
http://my_public_ip/addr/ (which currently works only from outside)
instead of using

thank you and best regards,
Old 04-26-2002, 07:51 AM   #2
Registered: Apr 2002
Distribution: Slackware
Posts: 114

Rep: Reputation: 15
post your iptables config

There is something misconfigured in your firewall. I can hit a port-forwarded service by accessing the external IP without issue.


web server

my notebook

eth0 -
eth1 -
(SNAT to
(DNAT to
(allow packets from eth0 to eth1 to be forwarded)
(allow related packets to be forwarded)
(allow syn from to be forwarded)

now if, with my notebook, I pop up Konqueror and say "" the web server's default page pops up.
Old 04-26-2002, 07:57 AM   #3
Registered: May 2001
Posts: 29,358
Blog Entries: 55

Rep: Reputation: 3545
/* Btw, this post should be in /Networking since it's no security issue (AFAIC). Please consider posting to the right forum next time, thnx. */
Old 04-26-2002, 09:06 AM   #4
LQ Newbie
Registered: Apr 2002
Posts: 2

Original Poster
Rep: Reputation: 0
Sorry for posting on this forum, but the description says "firewalls" and iptables *is* a firewall. OK, OK, I know my problem is not a security problem.

Thanks for the answer, but I can't figure it out anyway.
I have things like this (parts from my firewall script):

iptables -t nat -F
iptables -F
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -P INPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j SNAT -o eth0 --to $PUBLIC_IP
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT -i eth0 --to-destination $LOCAL_IP_OF_WEB_SERVER:80
Works from outside, doesn't work from inside... What important thing is missing?

thanks and regards,
Old 04-26-2002, 09:34 AM   #5
Registered: Apr 2002
Distribution: Slackware
Posts: 114

Rep: Reputation: 15
Lightbulb idea

Not much of a *firewall* but hey. :-)

It looks like you won't get it to run as is because you're rewriting the packet after it's gone through routing -- you're DNAT'ing in the POSTROUTING chain, which means you can't loop back around and come back out another interface (i.e. the one you're coming in on)

You need to do something like a REDIRECT but instead of hitting the firewall itself, you need to send it back in.

Something like

-A PREROUTING -p tcp -s -d $PUBLIC_IP --dport 80 -j DNAT --to-destination $LOCAL_HTTP_IP

That should rewrite the destination BEFORE the routing phase so it would come back out the right port, but I'm not 100% sure. You may need a SNAT line in your POSTROUTING chain to change the IP addy back to $PUBLIC_IP so the computers contacting the web server see the response coming from the "right" address.

offhand, why not just solve this with DNS? internal DNS servers can resolve the web server with the internal IP, and external DNS requests get the external IP.
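
An added example, not part of any post in this thread: the DNAT rule in post #4 matches only `-i eth0`, so a LAN client aiming at the public IP needs its own PREROUTING DNAT plus a POSTROUTING SNAT that makes the web server answer through the firewall instead of directly to the client. The script prints such a rule set for review rather than applying it; the addresses in the sample call are constructed, and eth1 as the LAN-side interface and the firewall's LAN address are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print hairpin-NAT rules for review.
# Sample addresses are constructed; eth1 as the LAN interface is an assumption.

# Succeeds only for a dotted quad whose four octets are 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# hairpin_rules PUBLIC_IP SERVER_IP LAN_CIDR LAN_IF FW_LAN_IP [PORT]
hairpin_rules() {
    public_ip=$1 server_ip=$2 lan_net=$3 lan_if=$4 fw_lan_ip=$5 port=${6:-80}
    for addr in "$public_ip" "$server_ip" "${lan_net%/*}" "$fw_lan_ip"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    # The output is meant for a root shell, so reject anything that is not a
    # plain prefix length, port number or interface name.
    case "${lan_net#*/}" in
        ''|*[!0-9]*|???*) echo "bad prefix in $lan_net" >&2; return 1 ;;
    esac
    [ "${lan_net#*/}" -le 32 ] || { echo "bad prefix in $lan_net" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    # 1. LAN clients that target the public IP get the same DNAT as outsiders.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -d $public_ip" \
         "-p tcp --dport $port -j DNAT --to-destination $server_ip:$port"
    # 2. Rewrite the source to the firewall's LAN address. Without this the
    #    server replies straight to the client from its local IP, and the
    #    client drops a reply that does not come from the public IP.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $server_ip" \
         "-p tcp --dport $port -j SNAT --to-source $fw_lan_ip"
    # 3. Permit the in-and-out-the-same-interface flow, limited to LAN sources.
    echo "iptables -A FORWARD -i $lan_if -o $lan_if -s $lan_net -d $server_ip" \
         "-p tcp --dport $port -j ACCEPT"
}

# Constructed sample values (documentation and private address ranges).
hairpin_rules 203.0.113.10 192.168.1.10 192.168.1.0/24 eth1 192.168.1.1 80
```

Because of the SNAT in step 2, the web server's access log shows the firewall's LAN address for every internal client that uses the public IP.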

