Hi Michael,

BTW, the config I quoted was not complete, the rest:

=====================
...
# When this plugin's status is called, if the default external IPv4 address
# has changed, the NAT_LOOPBACK_DNAT and NAT_LOOPBACK_SNAT chains will be
# updated with the new address. Set NAT_LOOPBACK_UPDATE_ON_STATUS to "0"
# to disable this automatic update on status.
#
# Example:
# $ arno-iptables-firewall status-plugins nat-loopback
#
# Defaults to update on status if not set to "0"
# ------------------------------------------------------------------------------
NAT_LOOPBACK_UPDATE_ON_STATUS=1
=====================

which is important to point out, since the external IPv4 address is needed in the iptables rules for this to work, as such if you have a dynamic address you need to call:
--
arno-iptables-firewall status-plugins nat-loopback
--
whenever the external address changes.

If you have a static external IPv4 address, you are golden by default.

Lonnie

> On Apr 17, 2020, at 4:41 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>
> Well there you go. Why haven’t I seen this before!
> Can you see any reason why I wouldn't turn this on by default for all my sites?
>
> Thanks so much.
>
> Regards
> Michael Knill
>
> On 18/4/20, 7:30 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
>
>> On Apr 17, 2020, at 4:22 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Hi Group
>>
>> I should know this but is it possible for Astlinux to do hairpin NAT e.g.
>> they can do http://<external IP>:<external port> connecting to an internal
>> host both internally and externally?
>> If not then I assume the only way is to use DNS and resolve to the internal
>> host address when internal.
>>
>> Thanks
>
> The "nat-loopback" plugin should do what you want.
>
> =====================
> # ------------------------------------------------------------------------------
> # -= Arno's iptables firewall - NAT Loopback plugin =-
> # ------------------------------------------------------------------------------
>
> # To actually enable this plugin make ENABLED=1:
> # ------------------------------------------------------------------------------
> ENABLED=0
>
> # NAT Loopback for local nets using existing NAT_FORWARD_TCP and NAT_FORWARD_UDP
> # rules.
> # Note: The default external IPv4 address is obtained from the first
> # interface defined in the EXT_IF variable.
> #
> # Limit local nets by defining NAT_LOOPBACK_NET, a space separated list.
> # Defaults to NAT_INTERNAL_NET if not defined.
> #
> # Example:
> # NAT_LOOPBACK_NET="192.168.1.0/24"
> # (IPv4 Only)
> # ------------------------------------------------------------------------------
> NAT_LOOPBACK_NET=""
>
> # When local servers are in another LAN they are unreachable (by default) unless
> # FORWARD rules are created. When NAT_LOOPBACK_FORWARD is set to "1" the
> # FORWARD rules to the servers are created for all subnets in NAT_LOOPBACK_NET.
> #
> # Defaults to no added forwards if not set to "1"
> # ------------------------------------------------------------------------------
> NAT_LOOPBACK_FORWARD=0
> =====================
>
> Lonnie
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
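
The refresh described above for dynamic external addresses, as an added example that is not part of the original thread or of AstLinux: a small hook that runs the status call only when the external IPv4 address has actually changed. Only the `arno-iptables-firewall status-plugins nat-loopback` command comes from the thread; the `eth0` default, the state-file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not AstLinux code. Hypothetical names: first_ipv4,
# refresh_if_changed, STATE_FILE. EXT_IF default "eth0" is an assumption.

EXT_IF="${EXT_IF:-eth0}"
# Keep the state file out of world-writable directories such as /tmp.
STATE_FILE="${STATE_FILE:-/var/run/nat-loopback.extip}"
# Command quoted in the plugin's own config comment; overridable for dry runs.
REFRESH_CMD="${REFRESH_CMD:-arno-iptables-firewall status-plugins nat-loopback}"

# Read `ip -4 -o addr show` output on stdin, print the first IPv4 address
# without its prefix length.
first_ipv4() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
           sub(/\/.*/, "", $(i+1)); print $(i+1); exit } }'
}

# refresh_if_changed CURRENT_IP
# Returns 0 if the plugin status call was run, 1 if the address is unchanged,
# 2 if the address is empty/malformed or the status call failed.
refresh_if_changed() {
  cur="$1"
  # An empty value (link down, no lease yet) must not count as a "change".
  case "$cur" in
    ''|*[!0-9.]*) return 2 ;;
  esac
  last=""
  [ -r "$STATE_FILE" ] && last="$(cat "$STATE_FILE")"
  [ "$cur" = "$last" ] && return 1
  # Word splitting of REFRESH_CMD is intentional (command plus arguments).
  $REFRESH_CMD >/dev/null || return 2
  # Record the address only after a successful refresh, so a failed run
  # is retried on the next invocation.
  printf '%s\n' "$cur" > "$STATE_FILE"
  return 0
}

# Typical call from cron or a DHCP/PPP address-change hook:
#   refresh_if_changed "$(ip -4 -o addr show dev "$EXT_IF" | first_ipv4)"
```

With `NAT_LOOPBACK_UPDATE_ON_STATUS=1` the status call itself rewrites the chains, so the hook only has to decide when to trigger it.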