
[LUG] iptables help


Need more coffee, but caffeine disagrees with me....

Client is
Have box with HTTPS on local net
Router forwarded traffic from public address to
This works okay.

Internally it fails.

I want to advertise the public address internally (

I think the issue is that internally it doesn't masquerade the connection, as I see the SYN packet forwarded but with the original source IP address so the reply goes from to

Current rule is

-A PREROUTING -d -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination

I can add "-i eth0" to this to restrict it to the external stuff.

But what should be the rule with "-i eth1" in it given I want to force connections from elsewhere in ( to be masqueraded by the same firewall to

Oh, the router's internal interface is

I'm sure it is trivial but my brain isn't producing anything that iptables-restore will accept.
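For reference, the usual shape of a hairpin (NAT loopback) rule set for this situation, written as an iptables-restore nat-table fragment. This is an added example, not the poster's rules; the addresses are placeholders (public 203.0.113.10, HTTPS server 192.168.1.20, LAN 192.168.1.0/24, router's internal address 192.168.1.1) and the interface names follow the post (eth0 external, eth1 internal).

```iptables
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Placeholder addresses, not taken from the original post:
#   public address 203.0.113.10, HTTPS server 192.168.1.20,
#   internal LAN 192.168.1.0/24, router's internal address 192.168.1.1

# External clients arriving on eth0: rewrite the destination to the server.
# The client's real source address is kept, so the server's logs stay useful.
-A PREROUTING -i eth0 -d 203.0.113.10 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.20

# Internal clients on eth1 using the public address: same DNAT ...
-A PREROUTING -i eth1 -d 203.0.113.10 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.20

# ... plus the hairpin fix. Without this the server sees the LAN client's own
# source address and replies to it directly, bypassing the router, so the
# client gets a SYN-ACK from 192.168.1.20 instead of 203.0.113.10 and drops it.
# Rewriting the source to the router's internal address forces the reply back
# through the router, which un-DNATs it. Restricted to LAN -> server:443 only.
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.20 -p tcp --dport 443 -j SNAT --to-source 192.168.1.1
COMMIT
```

The nat table only sees the first packet of each connection, so the `-m state --state NEW,RELATED,ESTABLISHED` match in the original rule is redundant and can be dropped. The filter table's FORWARD chain and `net.ipv4.ip_forward` still have to permit the eth1-to-eth1 traffic.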

The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq