[Firehol-support] firehol and snat

Costa Tsaousis costa at tsaousis.gr
Tue Oct 9 13:50:15 BST 2007


O/H rich at thevillas.eclipse.co.uk έγραψε:
>
>
> snat to "${HOME_MYIP}" \
>     outface "${HOME_MYIF}" \
>     src "${HOME_LAN}" dst "${WEBSERVER}"
>
>  
>
> dnat to ${WEBSERVER}:80                     \
>     inface "${HOME_MYIF}"                     \
>     src "${HOME_LAN}"                     \
>     dst "${PUBLIC_MYIP}" proto tcp dport 80
>  
>
> router lan2lan inface "${HOME_MYIF}" outface "${HOME_MYIF}"    \
>     src "${HOME_LAN}" dst "${HOME_LAN}"
>     server http accept
>     server https accept
>
For https you also need to dnat port 443. You this dnat instead of the 
previous:

dnat to ${WEBSERVER}                    \
    inface "${HOME_MYIF}"               \
    src "${HOME_LAN}"                     \
    dst "${PUBLIC_MYIP}" proto tcp dport "80 443"

Note that I have removed the port from ${WEBSERVER}.

Costa





More information about the Firehol-support mailing list