Re: [Fwbuilder-discussion] NAT rules for two servers behind the firewall, using a single address of
From: <va...@vk...> - 2007-05-27 22:06:55
On May 27, 2007, at 12:01 PM, Erestor Elensar wrote:

>
> my rules
> iptables -A PREROUTING -t nat -i ${INT} -p tcp --dport 80 -j DNAT --to ${WEB_SRV}:80
> iptables -A FORWARD -p tcp -m state --state NEW --dport 80 -i ${DMZ_SRV} -j ACCEPT
> iptables -A FORWARD -p tcp -m state --state NEW --dport 80 -i ${INT} -j ACCEPT
>
> fwbuilder
> $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 192.168.123.102 --dports 80,443 -j DNAT --to-destination 192.168.244.4
> $IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.244.4 --dports 80,443 -m state --state NEW -j
> $IPTABLES -A OUTPUT -p tcp -m tcp -m multiport -d 192.168.244.4 --dports 80,443 -m state --state NEW -j RULE_4
> $IPTABLES -A RULE_4 -j ACCEPT
>
> I got a rule that denied everything towards 192.168.123.102
>
> I always get a denied on 192.168.123.102
>
>
> If I also create an allow on port 80 of the firewall IP I don't get a
> denied but no success, I have activated all logging but there is no
> denied ...
>
> If needed I can send the fwbuilder conf or the script
>
> Thanks
>
>
> 192.168.123.102 is the fw "external" IP; it's not connected to the
> internet, only internal.

It is hard to say what is going on. Please send your data file to me
(gzip please)

--vk