Thanks Lonnie

Regards
Michael Knill

On 18/4/20, 11:23 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    Hi Michael,

    BTW, the config I quoted was not complete, the rest:
    =====================
    ...
    # When this plugin's status is called, if the default external IPv4 address
    # has changed, the NAT_LOOPBACK_DNAT and NAT_LOOPBACK_SNAT chains will be
    # updated with the new address. Set NAT_LOOPBACK_UPDATE_ON_STATUS to "0"
    # to disable this automatic update on status.
    #
    # Example:
    #   $ arno-iptables-firewall status-plugins nat-loopback
    #
    # Defaults to update on status if not set to "0"
    # ------------------------------------------------------------------------------
    NAT_LOOPBACK_UPDATE_ON_STATUS=1
    =====================

    which is important to point out, since the external IPv4 address is needed in the iptables rules for this to work, as such if you have a dynamic address you need to call:
    --
    arno-iptables-firewall status-plugins nat-loopback
    --
    whenever the external address changes.

    If you have a static external IPv4 address, you are golden by default.

    Lonnie


    > On Apr 17, 2020, at 4:41 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
    > 
    > Well there you go. Why haven’t I seen this before!
    > Can you see any reason why I wouldn't turn this on by default for all my sites?
    > 
    > Thanks so much.
    > 
    > Regards
    > Michael Knill
    > 
    > On 18/4/20, 7:30 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
    > 
    > 
    > 
    >> On Apr 17, 2020, at 4:22 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
    >> 
    >> Hi Group
    >> 
    >> I should know this but is it possible for Astlinux to do hairpin NAT e.g. they can do http://<external IP>:<external port> connecting to an internal host both internally and externally?
    >> If not then I assume the only way is to use DNS and resolve to the internal host address when internal.
    >> 
    >> Thanks
    > 
    >    The "nat-loopback" plugin should do what you want.
    > 
    >    =====================
    >    # ------------------------------------------------------------------------------
    >    #             -= Arno's iptables firewall - NAT Loopback plugin =-
    >    # ------------------------------------------------------------------------------
    > 
    >    # To actually enable this plugin make ENABLED=1:
    >    # ------------------------------------------------------------------------------
    >    ENABLED=0
    > 
    >    # NAT Loopback for local nets using existing NAT_FORWARD_TCP and NAT_FORWARD_UDP
    >    # rules.
    >    # Note: The default external IPv4 address is obtained from the first
    >    #       interface defined in the EXT_IF variable.
    >    #
    >    # Limit local nets by defining NAT_LOOPBACK_NET, a space separated list.
    >    # Defaults to NAT_INTERNAL_NET if not defined.
    >    #
    >    # Example:
    >    #   NAT_LOOPBACK_NET="192.168.1.0/24"
    >    # (IPv4 Only)
    >    # ------------------------------------------------------------------------------
    >    NAT_LOOPBACK_NET=""
    > 
    >    # When local servers are in another LAN they are unreachable (by default) unless
    >    # FORWARD rules are created.  When NAT_LOOPBACK_FORWARD is set to "1" the
    >    # FORWARD rules to the servers are created for all subnets in NAT_LOOPBACK_NET.
    >    #
    >    # Defaults to no added forwards if not set to "1"
    >    # ------------------------------------------------------------------------------
    >    NAT_LOOPBACK_FORWARD=0
    >    =====================
    > 
    >    Lonnie
    > 
    > 
    > 
    > 
    > 
    >    _______________________________________________
    >    Astlinux-users mailing list
    >    Astlinux-users@lists.sourceforge.net
    >    https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > 
    >    Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
    > 
    > 



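Lonnie's point about dynamic external addresses, as an added example (not part of the thread and not AstLinux or Arno's firewall code): a POSIX shell script for cron or an address-change hook that runs the status command quoted above only when the external IPv4 address has changed. The interface name `eth0`, the state-file path and the `--apply` switch are assumptions; it relies on NAT_LOOPBACK_UPDATE_ON_STATUS not being set to "0".

```shell
#!/bin/sh
# Added example, not from the AstLinux or Arno's iptables firewall sources.
# Assumptions: EXT_IF names the external interface (eth0 is a placeholder) and
# STATE_FILE is a hypothetical path that remembers the last-seen address.
EXT_IF="${EXT_IF:-eth0}"
STATE_FILE="${STATE_FILE:-/var/run/nat-loopback.extip}"
# Command quoted in the thread; it refreshes the NAT_LOOPBACK_DNAT and
# NAT_LOOPBACK_SNAT chains when the external address has changed.
REFRESH_CMD="${REFRESH_CMD:-arno-iptables-firewall status-plugins nat-loopback}"

# Read `ip -4 -o addr show` output on stdin and print the first IPv4 address.
# Constructed sample line: "2: eth0    inet 203.0.113.10/24 brd ... scope global eth0"
parse_ipv4() {
  awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Current global IPv4 address on the external interface (empty if none).
current_ext_ip() {
  ip -4 -o addr show dev "$EXT_IF" scope global 2>/dev/null | parse_ipv4
}

# refresh_if_changed NEW_IP
# Returns 0 = refresh ran, 1 = address unchanged, 2 = no address yet (link
# down or lease pending), 3 = refresh failed (state is not updated, so the
# next run retries instead of leaving stale loopback rules in place).
refresh_if_changed() {
  new_ip="$1"
  [ -n "$new_ip" ] || return 2
  old_ip=""
  if [ -r "$STATE_FILE" ]; then old_ip="$(cat "$STATE_FILE")"; fi
  if [ "$new_ip" = "$old_ip" ]; then return 1; fi
  $REFRESH_CMD >/dev/null || return 3
  printf '%s\n' "$new_ip" > "$STATE_FILE"
  return 0
}

# Invoke with --apply from cron or a DHCP/PPP address-change hook.
if [ "${1:-}" = "--apply" ]; then
  rc=0
  refresh_if_changed "$(current_ext_ip)" || rc=$?
  case "$rc" in
    0) logger -t nat-loopback "external IPv4 changed, chains refreshed" ;;
    3) logger -t nat-loopback "refresh command failed, will retry" ;;
  esac
fi
```
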