Menu
▾
▴
Re: [Astlinux-users] Hairpin NAT
|
From: Lonnie A. <li...@lo...> - 2020-04-17 21:47:39
|
As with opening any firewall paths, if you don't need it, don't turn it on. Lonnie > On Apr 17, 2020, at 4:41 PM, Michael Knill <mic...@ip...> wrote: > > Well there you go. Why haven’t I seen this before! > Can you see any reason why I wouldn't turn this on by default for all my sites? > > Thanks so much. > > Regards > Michael Knill > > On 18/4/20, 7:30 am, "Lonnie Abelbeck" <li...@lo...> wrote: > > > >> On Apr 17, 2020, at 4:22 PM, Michael Knill <mic...@ip...> wrote: >> >> Hi Group >> >> I should know this but is it possible for Astlinux to do hairpin NAT e.g. they can do http://<external IP>:<external port> connecting to an internal host both internally and externally? >> If not then I assume the only way is to use DNS and resolve to the internal host address when internal. >> >> Thanks > > The "nat-loopback" plugin should do what you want. > > ===================== > # ------------------------------------------------------------------------------ > # -= Arno's iptables firewall - NAT Loopback plugin =- > # ------------------------------------------------------------------------------ > > # To actually enable this plugin make ENABLED=1: > # ------------------------------------------------------------------------------ > ENABLED=0 > > # NAT Loopback for local nets using existing NAT_FORWARD_TCP and NAT_FORWARD_UDP > # rules. > # Note: The default external IPv4 address is obtained from the first > # interface defined in the EXT_IF variable. > # > # Limit local nets by defining NAT_LOOPBACK_NET, a space separated list. > # Defaults to NAT_INTERNAL_NET if not defined. > # > # Example: > # NAT_LOOPBACK_NET="192.168.1.0/24" > # (IPv4 Only) > # ------------------------------------------------------------------------------ > NAT_LOOPBACK_NET="" > > # When local servers are in another LAN they are unreachable (by default) unless > # FORWARD rules are created. When NAT_LOOPBACK_FORWARD is set to "1" the > # FORWARD rules to the servers are created for all subnets in NAT_LOOPBACK_NET. > # > # Defaults to no added forwards if not set to "1" > # ------------------------------------------------------------------------------ > NAT_LOOPBACK_FORWARD=0 > ===================== > > Lonnie > > > > > > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
