Hi Shawn, the following lines added to your firewall script should give
you the NATing that you need. $EXTIP will get you the current IP, but
the script would have to be re-run on an IP change.

I don't know how superreal.com works, but I imagine there was some kind
of client on the w2k box that would update them on an IP change. You'll
need that client on the linux box. If they don't have a linux client,
you might want to check out http://clients.dyndns.org/unix.php or other
similar services.

IPTABLES="/path/to/iptables"
EXT="eth0"
INT="eth1"
EXTIP=`ifconfig $EXT | grep inet | cut -d : -f 2 | cut -d \  -f 1`
INTIP="192.168.0.1"
SRVIP="192.168.0.15"
INTNET="192.168.0.0/24"

#Other variables and main firewall entries go here

#########
#SNAT
#########

#Outbound connections get the external IP as their source
$IPTABLES -t nat -A POSTROUTING -s $INTNET -o $EXT -j SNAT --to $EXTIP

#Internal requests to the external IP (already DNATed to the server below):
#SNAT them to the firewall's internal IP so replies come back via the firewall
$IPTABLES -t nat -A POSTROUTING -s $INTNET -o $INT -d $SRVIP -j SNAT --to $INTIP


#########
#DNAT
#########

#Internal requests to the external IP: DNAT to the server's internal IP
$IPTABLES -t nat -A PREROUTING -s $INTNET -i $INT -d $EXTIP -j DNAT --to $SRVIP

#DNAT incoming connections from outside for web, smtp, and ftp to the server
$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -i $EXT -j DNAT --to $SRVIP
$IPTABLES -t nat -A PREROUTING -p tcp --dport 25 -i $EXT -j DNAT --to $SRVIP
$IPTABLES -t nat -A PREROUTING -p tcp --dport 21 -i $EXT -j DNAT --to $SRVIP


The only tricky thing is allowing your workstation to access the server
through its domain name. Internal connections to the external IP are
first DNATed to the server's internal IP and then SNATed to the firewall's
internal IP. This forces the return packets to go through the firewall
instead of directly to the workstation.

Lots of docs here: http://www.netfilter.org/documentation/


Hope that helps,

Wade.
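Added example (not part of Wade's mail): a small model of the nat rules above that traces the "workstation connects to the public name" case and shows why the hairpin SNAT rule is needed. The public address 203.0.113.10 stands in for $EXTIP and 192.168.0.20 for the workstation; both are constructed values.

```python
from dataclasses import dataclass, replace

# Constructed addresses: $EXTIP, $INTIP, $SRVIP from the script, plus a workstation
EXTIP, INTIP, SRVIP, WKSIP = "203.0.113.10", "192.168.0.1", "192.168.0.15", "192.168.0.20"

def internal(ip):
    return ip.startswith("192.168.0.")          # $INTNET = 192.168.0.0/24

def out_if(dst):
    # Firewall routing decision: $INTNET via eth1 ($INT), everything else via eth0 ($EXT)
    return "eth1" if internal(dst) else "eth0"

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    in_if: str   # interface the packet arrived on at the firewall

def prerouting(p):
    # Hairpin DNAT rule: internal host -> $EXTIP is rewritten to $SRVIP
    if p.in_if == "eth1" and internal(p.src) and p.dst == EXTIP:
        return replace(p, dst=SRVIP)
    return p

def postrouting(p, hairpin_snat=True):
    if internal(p.src) and out_if(p.dst) == "eth0":                 # outbound SNAT to $EXTIP
        return replace(p, src=EXTIP)
    if hairpin_snat and internal(p.src) and out_if(p.dst) == "eth1" and p.dst == SRVIP:
        return replace(p, src=INTIP)                                # hairpin SNAT to $INTIP
    return p

def translate(p, hairpin_snat=True):
    """Packet as it leaves the firewall after both nat chains."""
    return postrouting(prerouting(p), hairpin_snat)

def round_trip(hairpin_snat):
    """True if the workstation accepts the server's reply to a request sent to $EXTIP."""
    orig = Pkt(WKSIP, EXTIP, "eth1")
    fwd = translate(orig, hairpin_snat)         # conntrack remembers orig <-> fwd
    reply = Pkt(fwd.dst, fwd.src, "eth1")       # the server answers whatever source it saw
    if internal(reply.dst) and reply.dst != INTIP:
        # Reply is addressed to another LAN host: delivered directly on the LAN,
        # the firewall never sees it, so neither translation is undone
        seen_by_wks = reply
    else:
        # Reply reaches the firewall; conntrack reverses the SNAT and the DNAT
        seen_by_wks = Pkt(orig.dst, orig.src, "eth1")
    # The workstation only accepts an answer from the address it connected to
    return seen_by_wks.src == orig.dst and seen_by_wks.dst == orig.src
```

Without the hairpin SNAT, the server replies straight to 192.168.0.20 from 192.168.0.15, and the workstation drops it because it was talking to 203.0.113.10.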


On Tue, 2003-01-14 at 10:48, Shawn Grover wrote:
> I've recently installed Red Hat 8 as a server/router.  I've successfully
> configured IPTables to do NAT for my internal network. But now I also need
> to allow users to request pages from my web server.
> 
> My setup:  1 Win2K server (web/email), 1 W2K workstation, and 1 Linux server
> (two NICs).
> I need to allow web/email/ftp access to my server (ip 192.168.0.15), and be
> able to browse the Internet from both internal computers.  My workstation
> should be able to see the server through its domain name.
> 
> I suspect I'm going to need SNAT instead of Masquerading, but need some
> guidance.
> 
> As an added bonus/difficulty, my DNS is dynamic.  I do DNS hosting through
> superreal.com, and they dynamically detect my IP address and modify the
> appropriate A record.  When I was using RRAS on the W2K server (using my
> server as my router), this was working fine.  As soon as I introduced the
> Linux router (because it's more stable, and less troublesome in terms of
> browsing the web), I lost my DNS setup.  Any tips on how to configure this?
> 
> Oh, I should mention that the RH box doesn't have X Windows installed.  All
> configuration is done at the command line.  (using VIM to create scripts).
> 
> My research hasn't turned up anything very clear on how to do either the
> server hosting and NAT, or on the DNS issue (haven't looked into this one
> tooooo much yet...).  I did look at IPCop and Smoothwall - they sound like
> they'll do what I need, but they refuse to recognize my second network card
> (two PCI DLinks/rtl8139).
> 
> That all said, I'm a relative newbie to using Linux at this level.  I'm
> slowly finding out where files reside, and how to configure the box at the
> command line.  So, please include details in any response.  Thanks.
> 
> Any help, suggestions, or links to references are greatly appreciated.
> Thanks!
> 
> Shawn Grover
> 
> PS.  I can forward my firewall script to you if needed, but it's a basic NAT
> configuration right now.
