Hi...
I have a script that forwards port 80 from a Linux (Mandrake box) outside IP to an internal IIS web server. It works well, but the problem is I can't see what I develop from my workstations on the internal network. I can resolve things by using (http://192.168.0.2/directory/etc), but that doesn't help with dynamic content, as database-stored paths and a host of other things do not resolve.
I think another rule excluding my internal network may solve this, but I am not very good at solving this problem yet.
Thanks...
(rc.firewall)
# Mandrake-Security : if you remove this comment, remove the next line too.
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
iptables -t nat -A PREROUTING -i ppp0 -p TCP -d 205.150.252.22 --dport 80 -j DNAT --to 192.168.0.2:80
iptables -A FORWARD -i ppp0 -o eth1 -p TCP -d 192.168.0.2 --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source 205.150.252.22
iptables -A INPUT -i ppp0 -p tcp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A FORWARD -i ppp0 -p tcp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A FORWARD -o ppp0 -p tcp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A OUTPUT -o ppp0 -p tcp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A INPUT -i ppp0 -p udp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A FORWARD -i ppp0 -p udp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A FORWARD -o ppp0 -p udp -d 205.150.252.22 --dport 137:139 -j DROP
iptables -A OUTPUT -o ppp0 -p udp -d 205.150.252.22 --dport 137:139 -j DROP
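
Added example (not part of the original post): hairpin NAT rules that let LAN workstations reach the web server through the public address, the case the script's `-i ppp0` DNAT rule never matches because LAN traffic arrives on eth1. The public IP, server IP and eth1 come from the post; the LAN subnet 192.168.0.0/24 is an assumption.

```shell
#!/bin/sh
# Added example: hairpin (NAT loopback) rules for the setup in the post.
# From the post: public IP, web server IP, LAN interface eth1.
# Assumption (not in the post): the LAN subnet is 192.168.0.0/24.
EXT_IP=205.150.252.22
WEB_IP=192.168.0.2
LAN_IF=eth1
LAN_NET=192.168.0.0/24

# Dry run by default: print each rule. Run with APPLY=1 as root to install.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

hairpin_rules() {
    # 1. Give LAN clients that address the public IP the same DNAT that
    #    outside clients get on ppp0.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp \
        -d "$EXT_IP" --dport 80 -j DNAT --to-destination "$WEB_IP:80"

    # 2. Rewrite the source so the server answers via this box. Without it
    #    the server replies straight to the workstation, which discards the
    #    reply because it comes from 192.168.0.2, not the address it called.
    #    The script's unrestricted SNAT rule already catches these packets
    #    when it sits earlier in the chain; this rule covers the case where
    #    that rule is limited to -o ppp0.
    ipt -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -p tcp \
        -d "$WEB_IP" --dport 80 -j MASQUERADE

    # 3. Permit the connection to enter and leave on the same interface,
    #    and let the replies back through.
    ipt -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -p tcp \
        -d "$WEB_IP" --dport 80 -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

hairpin_rules
```

After applying, the packet counters in `iptables -t nat -L -n -v` show whether the eth1 DNAT rule is the one being hit when a workstation requests the public address.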