iptables - servers not accessible from lan using external ip

rubella · 11-08-2005, 09:20 AM

hey

I have an internal network connected to the web through a debian box with iptables. All clients can connect to the internet using NAT.
On the same lan, i have some servers i can reach with their internal ip-address. I assigned fixed external ip's to these servers and from outside it's possible to connect to them. When i try to connect from inside the lan to this servers using their external ip, i won't work... timeouts... but i need those fixed addresses for DNS-entries, so i can connect the server from inside using an url.

anyone an idea where i'm going wrong? thx!

Brian1 · 11-08-2005, 08:20 PM

If I understand you have a dns server setup so outside address can be routed. If this is the case I would leave that dns server the way it is and setup a second dns server for internal use. If you modify one then you will need to modify the other manually. The only way I got around this in the past.

Brian1

Capt_Caveman · 11-08-2005, 08:40 PM

The local DNAT problem.

You can also use iptables to solve this if DNS isn't an option. Here are two explanations of the problem and solutions:
http://www.netfilter.org/documentati...-HOWTO-10.html
http://iptables-tutorial.frozentux.n...tml#DNATTARGET

rubella · 11-09-2005, 03:39 AM

Brian & Capt Caveman, great job dudes! thx!

Brian1 · 11-09-2005, 06:08 PM

Great links ther Capt Caveman. Never thought about postrouting in that way. That sure beats maintaing 2 seperate configured DNS. A quick read over the second link had an idea I never thought about doing either. I will bookmark those and readup on them.

Thanks for the links. Glad to be of help.
Brian1

Capt_Caveman · 11-09-2005, 07:03 PM

No problem. I had the same problem when iptables first came out and had a hell of a time diagnosing the problem (this was before those docs were available), so I can certainly relate to how frustrating it can be.

MarleyGPN · 12-12-2005, 09:16 PM

sorry wrong thread