Okay, I am beginning to understand this.
My network is this:

    xxx.xxx.xxx.xxx (ext)
            |
    10.0.0.1 (Firewall)
            |
    +-------+-----------------------+
    |                               |
    10.0.0.0/24 (Internal)          10.0.0.2 (Webserver : 80)
If I make a request to xxx.xxx.xxx.xxx 80 from an external computer, it
gets forwarded correctly to 10.0.0.2 and returns the desired page.
However, if I make a request from the internal network to
xxx.xxx.xxx.xxx 80, it does not get forwarded to 10.0.0.2 80; instead it
goes directly to 10.0.0.1 80 (which now has a web server running to
help solve problems).
The rules I am using are these:

    $IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $INET_IP --dport 80 -j DNAT --to-destination 10.0.0.2
    $IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $LAN_IFACE -d 10.0.0.2 --dport 80 -j ACCEPT
If I change the first rule to

    $IPTABLES -t nat -A PREROUTING -p TCP -d $INET_IP --dport 80 -j DNAT --to-destination 10.0.0.2

this should let me pick up requests for the firewall's external IP on
all interfaces and send them to 10.0.0.2, but this does not work.
If I change

    $IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $LAN_IFACE -d 10.0.0.2 --dport 80 -j ACCEPT

to

    $IPTABLES -A FORWARD -p TCP -d 10.0.0.2 --dport 80 -j ACCEPT

to say "allow anything to connect to 10.0.0.2 80", external requests
work, but internal ones do not.
Is this possible to do? I have been banging my head against this for
the past 3 days and it is beginning to hurt.
==n
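The situation described above is the classic hairpin (loopback) NAT case: when a LAN client sends to the public address and the DNAT alone is applied, the web server sees the client's real 10.0.0.x source and answers it directly on the same subnet, so the client receives a reply from 10.0.0.2 for a connection it opened to the public IP and discards it. The script below is an added example, not code from the original post: it applies the DNAT on every interface, accepts LAN-to-LAN forwarding to the web server, and adds a POSTROUTING SNAT so the server's replies come back through the firewall, where conntrack reverses the DNAT. The interface names, the placeholder external IP (203.0.113.10, a documentation address standing in for xxx.xxx.xxx.xxx) and the variable names are assumptions that mirror the post; by default the script only prints the rules it would load.

```shell
#!/bin/sh
# Hairpin (loopback) NAT for a LAN client reaching an internal web server
# through the firewall's public address. All values below are assumptions
# modelled on the post; adjust them to the real environment.
INET_IFACE=${INET_IFACE:-eth0}       # assumed external interface name
LAN_IFACE=${LAN_IFACE:-eth1}         # assumed internal interface name
INET_IP=${INET_IP:-203.0.113.10}     # placeholder for the public xxx.xxx.xxx.xxx
LAN_NET=10.0.0.0/24                  # internal network from the post
FW_LAN_IP=10.0.0.1                   # firewall's internal address from the post
WEB_IP=10.0.0.2                      # web server from the post

# Dry run by default: print the rules instead of loading them.
# Run as root with DRY_RUN=0 to actually apply them.
DRY_RUN=${DRY_RUN:-1}

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

hairpin_rules() {
    # 1. DNAT with no -i match, so a LAN client addressing the public IP is
    #    redirected to the web server exactly like an outside client.
    ipt -t nat -A PREROUTING -p tcp -d "$INET_IP" --dport 80 \
        -j DNAT --to-destination "$WEB_IP"

    # 2. The FORWARD chain must accept the DNATed packet from both directions:
    #    outside -> LAN, and LAN -> LAN (the hairpin leaves on the interface
    #    it arrived on).
    ipt -A FORWARD -p tcp -i "$INET_IFACE" -o "$LAN_IFACE" -d "$WEB_IP" --dport 80 -j ACCEPT
    ipt -A FORWARD -p tcp -i "$LAN_IFACE" -o "$LAN_IFACE" -d "$WEB_IP" --dport 80 -j ACCEPT

    # 3. The hairpin piece: for LAN-originated connections to the web server,
    #    rewrite the source to the firewall's LAN address. The server then
    #    replies to 10.0.0.1, the firewall un-DNATs/un-SNATs the reply via
    #    conntrack, and the client sees the answer come from the public IP it
    #    connected to. Without this the reply bypasses the firewall and is
    #    dropped by the client.
    ipt -t nat -A POSTROUTING -p tcp -s "$LAN_NET" -d "$WEB_IP" --dport 80 \
        -j SNAT --to-source "$FW_LAN_IP"
}

hairpin_rules
```

The trade-off to be aware of: because of the SNAT, the web server's access logs will show 10.0.0.1 as the client for every internal visitor, so any per-client rate limiting or logging on the server will lump all LAN users together. If the LAN clients could instead resolve the site's name to 10.0.0.2 directly (split DNS), none of the hairpin rules are needed.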