Ok - thanks to Dave Airlie - iptables is nearly working
I have added only two rules
iptables -A PREROUTING -t nat -p tcp -d <external_nic_addr> --dport 80 -j DNAT --to 192.168.1.6
iptables -A POSTROUTING -t nat -s <internalnetwork>/netmask -d 0/0 -j MASQUERADE
The masquerading part works fine - however the DNAT part only half works -
if on a machine on our network I try
http://<external_nic_addr>/
it correctly translates it to the internal webserver at 192.168.1.6
however on an external machine - I get a "Page cannot be displayed" error
I can ping the external address from the outside world - so that is not the
problem and the webserver will allow connections from any IP address.
If it is of any use - I have 2 external IPs on the external NIC - but am
only attempting DNAT on one of them eth0:0 - if I run apache on the box I
can access it using the non-DNAT'd ip address - but if I use the DNAT'd
address then I do not see the apache web site - so some form of packet
mangling is definitely happening.
Thanks for listening
Fergal.