[SGVLUG] iptables problem

Chris Nolan chris at invert.com
Tue Apr 10 12:53:34 PDT 2007


Michael,

I've had the problem before and solved it with an iptables prerouting dnat rule
as follows:

/sbin/iptables -t nat -A PREROUTING -i "Internal-Interface" -p tcp -d "External-IP-or-Host-Name" --dport "port" -j DNAT --to "InternalIP":"port"

Replace everything in parens with the appropriate port/ip/interface.

C

* Michael Proctor-Smith <mproctor13 at gmail.com> [2007-04-10 12:31:22 -0700]:

> Anyone else out there have servers available behind their firewall but
> can not access them from behind their firewall? I have a couple of
> servers behind my linux based router (openwrt) namely sgvlug and my
> personal server. They are available from the outside world and when
> connected wirelessly (which is on a different subnet) but when you are
> on the inside, let's say 192.168.5.X address, you can not access the
> outside ip address which is a SNAT to another 192.168.5.X address.
> 
> The only thing that I found that seems to apply to this problem that
> google found for me was to disable icmp redirects which are the
> default thing since the two hosts are on the same ethernet segment.
> This did not make a difference.
> 
> I know I could solve this problem with dns and is what I used to do
> and have done when I was behind a cisco firewall and cisco said it was
> not possible. But I would have to serve different dns results to my
> wireless and wired network, and I would like for it to work correctly
> and not be a kludge.
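
Added example (not part of the original thread): a shell sketch that prints the PREROUTING DNAT rule from the reply and, when the client-side interface and the internal server share a subnet, a companion POSTROUTING SNAT rule so replies return through the router instead of going straight to the client untranslated. The interface names, addresses and port are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print NAT-loopback ("hairpin") rules for one port forward.
# Nothing is applied; the output is meant to be reviewed before use.

# ip_to_int A.B.C.D -> 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 PREFIXLEN -> exit status 0 if both are in one network
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# hairpin_rules CLIENT_IF ROUTER_ADDR PREFIXLEN EXTERNAL_IP SERVER_IP PORT
#   CLIENT_IF / ROUTER_ADDR: router interface facing the clients and its address
hairpin_rules() {
    lan_if=$1; lan_addr=$2; prefix=$3; ext_ip=$4; server=$5; port=$6

    # Same rule as in the reply, with the target option spelled out in full:
    # clients dialing the external address are redirected to the server.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp -d $ext_ip" \
         "--dport $port -j DNAT --to-destination $server:$port"

    # Client and server on one segment: the server would answer the client
    # directly from its internal address, and the client, which dialed the
    # external address, discards that reply. Rewriting the source to the
    # router's own address forces the reply back through the router.
    if same_subnet "$lan_addr" "$server" "$prefix"; then
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p tcp" \
             "-s $lan_addr/$prefix -d $server --dport $port" \
             "-j SNAT --to-source $lan_addr"
    fi
}

# Constructed sample: wired clients share 192.168.5.0/24 with the server.
hairpin_rules br-lan 192.168.5.1 24 203.0.113.10 192.168.5.20 80
# Constructed sample: wireless clients on another subnet need only the DNAT.
hairpin_rules wlan0 192.168.6.1 24 203.0.113.10 192.168.5.20 80
```

With the SNAT rule in place the server logs the router's address as the source of these redirected connections, not the real client's.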

