On Thu, Jun 10, 2010 at 10:51 AM, Arun Khan <[email protected]> wrote:
> I have an MPLS VPN setup connecting 3 locations, with one of the
> locations being the GW to the Internet (for all three locations).
> The GW has one public static IP with iptables FireWall (FW).
>
> SNAT handles outgoing connections to the Internet for all three
> locations (different private IP nets)
>
> There are services within the VPN LAN at two locations that need to be
> made accessible to a set of "select" IPs connecting from the Internet
> e.g. ERP, DVR surveillance, IP camera.
>
> I have set up DNAT rules for each "opened" service as shown below.
> NB: EXTIF and EXTIP are defined at the beginning of the iptables shell
> script and default FORWARD rule is DROP
>
> # DNAT to give access to DVR machine @ 172.16.0.131:80
> iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s <ext_IP_1> -d $EXTIP \
>     --dport 8282 -j DNAT --to-destination 172.16.0.131:80
> iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s <ext_IP_2> -d $EXTIP \
>     --dport 8282 -j DNAT --to-destination 172.16.0.131:80
> iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s <ext_IP_3> -d $EXTIP \
>     --dport 8282 -j DNAT --to-destination 172.16.0.131:80
> iptables -A FORWARD -p tcp -i $EXTIF -o $INTIF2 -d 172.16.0.131 \
>     --dport 80 -j ACCEPT
>
> The above strategy is working for services that are on Linux (Apache)
> without pop up windows but not on services with pop up.
>
> The error conditions are different for each service.
>
> For the specific example of the DVR box, when I type:
> http://<EXTIP>:8282/ in my browser (the IP number is one of the
> ext_IP_? in above rule) I get:
>
> <error code>
> 400 Bad Request
> Your client has issued a malformed or illegal request.
> </error code>
>
> Instead of the pop up box that one gets when connecting to the same
> unit from workstations on the VPN LAN.
>
> Any hints/suggestions to debug and determine the location of the
> problem welcome.

Sorry I dunno. I thought it was a networking question.
I have no clue why you are getting this HTTP error.

-Girish

--
Gayatri Hitech
web: http://gayatri-hitech.com

SpamCheetah Spam filter: http://spam-cheetah.com
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
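
In the rules quoted above, the per-source allowlist is applied only in the nat table, while the FORWARD rule accepts any source. As an added example (not part of either message), the shell function below prints the same DNAT rules together with FORWARD rules carrying the same -s match, rejecting malformed addresses first. The interface names and the 192.0.2.1, 203.0.113.10 and 198.51.100.7 addresses are constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it never runs them.
# All addresses and interface names here are constructed placeholders.
EXTIF="eth0"        # assumption: external interface
EXTIP="192.0.2.1"   # assumption: gateway public IP (RFC 5737 range)
INTIF2="eth2"       # assumption: interface towards 172.16.0.131

# Succeeds only for a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: emit_dnat_rules EXT_PORT DEST_IP DEST_PORT OUT_IF SRC_IP...
# Prints one DNAT rule and one source-restricted FORWARD rule per allowed
# source. Prints no rules and returns 1 if any address is malformed.
emit_dnat_rules() {
    [ "$#" -ge 5 ] || { echo "need port, dest, dport, out-if, sources" >&2; return 1; }
    ext_port=$1; dest_ip=$2; dest_port=$3; out_if=$4
    shift 4
    # Validate everything before printing, so output is all-or-nothing.
    for ip in "$dest_ip" "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s $src -d $EXTIP --dport $ext_port -j DNAT --to-destination $dest_ip:$dest_port"
        # DNAT rewrites only the destination, so FORWARD still sees the
        # original source and can enforce the same allowlist.
        echo "iptables -A FORWARD -p tcp -i $EXTIF -o $out_if -s $src -d $dest_ip --dport $dest_port -j ACCEPT"
    done
}

# The DVR service from the thread, with two constructed client addresses.
emit_dnat_rules 8282 172.16.0.131 80 "$INTIF2" 203.0.113.10 198.51.100.7
```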
