[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Need more coffee, but caffeine disagrees with me.... Client is 10.0.0.3 Have box with HTTPS on local net 10.0.0.2 Router forwarded traffic from public address to 10.0.0.2 This works okay. Internally it fails. I want to advertise the public address internally (220.127.116.11).I think the issue is that internally it doesn't masquerade the connection, as I see the SYN packet forwarded but with the original source IP address so the reply goes from 10.0.0.2 to 10.0.0.3.
Current rule is-A PREROUTING -d 18.104.22.168/32 -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination 10.0.0.2:443
I can add "-i eth0" to this to restrict it to the external stuff.But what should be the rule with "-i eth1" in it given I want to force connections from elsewhere in 10.0.0.0/8 (10.0.0.3) to be masqueraded by the same firewall to 10.0.0.2.
Oh routers internal interface is 10.0.0.1I'm sure it is trivial but my brain isn't producing anything that iptables-restore will accept.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq