What do I need to do?
Pete Nesbitt
pete at linux1.ca
Thu Mar 4 00:50:26 UTC 2004
On March 3, 2004 05:51 pm, Thomas E. Dukes wrote:
> Hello,
>
> I'd like to have a local machine behind a firewall to receive www requests
> from the outside. I have a firewall using IP Masqueurading with port
> forwarding but that doesn't work. I keep getting the "visable" machine.
>
> Do I need to setup a bridge, proxy server or is there something I need to
> do with my local dns, etc.? I don't really know what this is called to
> know where to start.
>
> TIA
Hi Thomas,
I'm running a similar setup, but the server is in a dmz. All you need for that
aspect of the firewall rules is pre and post routes above the main rules,
something like:
#inbound redircts to webserver (all one line)
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 80 -j DNAT
--to-destination $WEB_SERVER_IIP
# outbound web server connections are all masquaraded (all one line)
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER_IP -j MASQUERADE
(you may not need the outbound)
That should work if you are running non-routable boxes behind a sind IP
address.
--
Pete Nesbitt, rhce
More information about the redhat-list
mailing list