Old 02-01-2002, 05:06 AM   #1
Question iptables and EXTIP access from LAN


I have a RedHat 7.2 box configured as a firewall with IP masquerading. The setup is rather basic: DSL ROUTER <-> FIREWALL <-> SWITCH <-> (WEBSERVER, INTERNAL MACHINE 1, INTERNAL MACHINE 2, ETC) and for the most part works fine. External machines are able to access the webserver through the firewall, and internal machines can access the webserver via its LAN IP address. The problem I have is that internal machines can't reach the webserver via the firewall's EXTIP address. In other words, if I "telnet" on an internal machine, DNS (from outside my LAN) returns the correct IP address but the machine can't establish a connection, whereas the same test works fine if I perform it on a machine outside the firewall. In summary, it seems there's a problem with machines on the LAN accessing other machines on the LAN through the firewall.

I'm using the seemingly-standard rc.firewall 0.63 script (copied off, with a few modifications for allowing external access to my LAN. I figure I need to add a rule that forwards port 80 LAN traffic destined for the firewall EXTIP address to the webserver, but haven't been able to make it work. I've been looking all over for help and can't find what I need, so I'd love to hear everyone's suggestions on what might be wrong. Let me know if I should post my iptables config (or anything else).

Many Thanks,
Old 02-06-2002, 12:11 PM   #2
You need to DNAT the requests from the local net too. By your description I can see that you are using DNAT only for the ext network. There is a good howto for this on the netfilter site. I am giving the address for it.

Good luck.


Last edited by manthram; 02-06-2002 at 12:12 PM.
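
The fix suggested in the reply above, as an added example that is not part of the original thread or of the rc.firewall script: a DNAT rule for LAN-sourced requests to EXTIP, plus the source rewrite that the same-network case also needs so the webserver's replies return through the firewall. All addresses are constructed placeholders, port 80 comes from the question, and `is_ipv4` and `hairpin_rules` are hypothetical helper names; the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: print (not apply) hairpin-NAT rules for review.
# Every address below is a constructed placeholder.
EXTIP=203.0.113.10        # firewall's external address
LAN_NET=192.168.1.0/24    # internal network
FW_LAN_IP=192.168.1.1     # firewall's own LAN-side address
WEB_IP=192.168.1.10       # webserver's LAN address

# True only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# hairpin_rules EXTIP LAN_NET FW_LAN_IP WEB_IP PORT
# The values end up in commands run as root, so reject anything malformed.
hairpin_rules() {
    extip=$1 lan_net=$2 fw_lan_ip=$3 web_ip=$4 port=$5
    is_ipv4 "$extip" && is_ipv4 "$fw_lan_ip" && is_ipv4 "$web_ip" || return 1
    is_ipv4 "${lan_net%/*}" || return 1
    case "${lan_net#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${lan_net#*/}" -le 32 ] || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1

    # 1. DNAT: LAN clients connecting to EXTIP:port are sent to the webserver.
    #    -s limits the rule to internal sources; external DNAT is untouched.
    echo "iptables -t nat -A PREROUTING -s $lan_net -d $extip -p tcp --dport $port -j DNAT --to-destination $web_ip:$port"
    # 2. SNAT: without it the webserver answers the client directly from its
    #    LAN address, and the client drops a reply it never asked for.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -d $web_ip -p tcp --dport $port -j SNAT --to-source $fw_lan_ip"
    # 3. Only needed when the FORWARD policy is DROP: let the redirected
    #    LAN-to-LAN flow through, and nothing wider than that.
    echo "iptables -A FORWARD -s $lan_net -d $web_ip -p tcp --dport $port -j ACCEPT"
}

hairpin_rules "$EXTIP" "$LAN_NET" "$FW_LAN_IP" "$WEB_IP" 80
```

With rule 2 in place the webserver's access log records the firewall's LAN address for every internal visitor who arrives via EXTIP, so internal clients can no longer be told apart there.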

