[Firehol-support] webserver on lan
Rick Marshall
rjm at zenucom.com
Mon Dec 31 03:49:18 GMT 2007
Hi,
The best way to solve this is to put the web server and any other
externally accessed servers on their own subnet.
This is because you cannot use SNAT/DNAT to the same subnet as the
sending machine. I'm not entirely sure why; it has to do with routing, but
it doesn't work. The good news is that with modern iptables you can
overload an interface with 2 IP addresses (so you don't need extra
Ethernet cards). I posted a solution for this earlier; it should show
up in the searches.
Regards
Rick
Avin Sigurani wrote:
> I have a web server on an internal machine and forward all web requests
> to this machine. This works fine for all machines external to the LAN,
> but machines on the LAN cannot access the web server. I saw this
> solution:
>
> snat to "${HOME_MYIP}" \
>     outface "${HOME_MYIF}" \
>     src "${HOME_LAN}" dst "${WEBSERVER}"
>
> dnat to "${WEBSERVER}:80" \
>     inface "${HOME_MYIF}" \
>     src "${HOME_LAN}" \
>     dst "${PUBLIC_MYIP}" proto tcp dport 80
>
> router lan2lan inface "${HOME_MYIF}" outface "${HOME_MYIF}" \
>     src "${HOME_LAN}" dst "${HOME_LAN}"
>     server http accept
>     server https accept
>
>
> However, I use DynDNS and have a dynamic IP address. How could I do
> this in such a case?
>
>
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support
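An added example, written for this archive page and not code from the thread or from the FireHOL project, addressing the dynamic-address question. FireHOL's configuration file is sourced as a bash script, so instead of hard-coding PUBLIC_MYIP the address can be read off the external interface each time the firewall is loaded. The script below does that, generates the hairpin-NAT fragment with the current address filled in, and reloads FireHOL; it also spells out why the SNAT is required: after the DNAT the web server would answer the LAN client directly from its own LAN address, but the client opened its connection to the public address and discards such replies, so the SNAT to the gateway's LAN address forces the reply back through the gateway, where the NAT table undoes both rewrites. The interface names (ppp0, eth0), the address ranges and the fragment path /etc/firehol/hairpin.conf are illustrative assumptions.

```shell
#!/bin/bash
# Added example (not FireHOL project code and not from the thread): hairpin NAT
# for a LAN web server when the public address is dynamic. Interface names,
# addresses and the fragment path below are illustrative assumptions.
set -eu

EXT_IF="ppp0"                        # interface holding the dynamic public address
HOME_MYIF="eth0"                     # LAN interface of the gateway
HOME_LAN="192.168.1.0/24"
HOME_MYIP="192.168.1.1"              # gateway's own LAN address (SNAT target)
WEBSERVER="192.168.1.10"
FRAGMENT="/etc/firehol/hairpin.conf" # to be sourced from firehol.conf

# First IPv4 address in `ip -o -4 addr show dev <if>` output, read from stdin.
# Constructed sample lines of that output:
#   3: ppp0    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0\  valid_lft forever ...
#   2: eth1    inet 198.51.100.23/24 brd 198.51.100.255 scope global eth1\  valid_lft ...
# Prints nothing when the interface has no address yet (link not up).
parse_ipv4() {
    awk '$3 == "inet" { sub(/\/.*$/, "", $4); print $4; exit }'
}

iface_ipv4() {
    ip -o -4 addr show dev "$1" 2>/dev/null | parse_ipv4
}

# FireHOL statements for the hairpin, with the current public address filled in.
# $1 LAN interface, $2 LAN network, $3 gateway LAN IP, $4 web server, $5 public IP
hairpin_nat_rules() {
    local lan_if="$1" lan="$2" gw_ip="$3" web="$4" pub="$5"
    cat <<EOF
# A LAN client connecting to the public address is sent to the web server,
# exactly as an outside client would be.
dnat to "${web}:80" inface "${lan_if}" src "${lan}" dst "${pub}" proto tcp dport 80
# Without this the server would reply to the client directly from ${web};
# the client connected to ${pub} and discards such replies. SNAT to the
# gateway's LAN address makes the reply return through the gateway, which
# undoes both rewrites.
snat to "${gw_ip}" outface "${lan_if}" src "${lan}" dst "${web}" proto tcp dport 80
# The hairpinned traffic enters and leaves on the LAN interface.
router lan2lan inface "${lan_if}" outface "${lan_if}" src "${lan}" dst "${lan}"
    server http accept
EOF
}

# Regenerate the fragment and reload. Run from an ip-up / dhclient hook so the
# rules follow the address: FireHOL reads it only when it (re)loads.
apply_hairpin() {
    local pub
    pub="$(iface_ipv4 "${EXT_IF}")"
    if [ -z "${pub}" ]; then
        echo "${EXT_IF} has no IPv4 address yet; not touching the firewall" >&2
        return 1
    fi
    hairpin_nat_rules "${HOME_MYIF}" "${HOME_LAN}" "${HOME_MYIP}" "${WEBSERVER}" "${pub}" > "${FRAGMENT}"
    firehol start
}

# Only act when invoked explicitly; sourcing the file just defines the helpers.
if [ "${1:-}" = "apply" ]; then
    apply_hairpin
fi
```

firehol.conf has to `source` the fragment in its NAT section (the minimal variant is simply `PUBLIC_MYIP="$(iface_ipv4 ppp0)"` inside firehol.conf itself). Either way the address is fixed at the moment FireHOL runs, so on a dynamic link the script must be called from the ip-up or dhclient hook to rebuild the fragment and run `firehol start` when the lease changes, and it refuses to write a rule with an empty `dst` if it is run before the link has an address. Pointing `dst` at the DynDNS hostname instead would tie every firewall load to DNS being reachable and the record already being updated.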