Access NATted webserver from inside the network

From: sebmil (sebmil_at_invalid.mail)
Date: 08/08/04


Date: Sun, 08 Aug 2004 22:57:00 +0200

Hello,

I would like to know if it is possible to access a NATted webserver with
its external address from inside the network, and how.

Here's my network :

Webserver :
IP 192.168.0.54, connected to LAN

Router/gateway :
IP 192.168.0.55 on eth0, connected to LAN
Dynamic IP on ppp0, connected to Internet
routing port 80 (DNAT) to 192.168.0.54

LAN clients :
IP 192.168.0.xx, connected on LAN

I use dyndns services so i can access my server from outside with URL
like xxx.dyndns.org, and it works.

The problem is, from the LAN i would also like to access the webserver by
using the xxx.dyndns.org URL.

Here are my iptables rules :

iptables -P INPUT DROP
iptables -F INPUT

iptables -P OUTPUT ACCEPT
iptables -F OUTPUT

iptables -P FORWARD DROP
iptables -F FORWARD

iptables -t nat -F

iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -j ACCEPT

iptables -A FORWARD -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.54

iptables -A INPUT -i ppp0 -j REJECT --reject-with icmp-port-unreachable

iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Thanks in advance,

Sebmil.



Relevant Pages

  • Re: iptables NAT routing (LAN -> public IP of WAN interface -> LAN again)
    ... > I have Linux kernel 2.6.10 set up with iptables to do network address ... What kind of rules would I need to use for iptables to tell it ... > to route packets from LAN computers destined for the IP of the WAN ...
    (comp.os.linux.setup)
  • Re: RH9, NAT and routing
    ... > I'm trying to set up my local network so that my RH9 box acts as a router ... > between my LAN and the Internet via a DSL connection. ... > for sites not in my local DNS configuration throughout my LAN. ... $IPTABLES -P FORWARD DROP ...
    (RedHat)
  • Re: Connection to SonicWall VPN through Linux IPTABLES Firewall/Proxy
    ... I would never install something I didn't ... from the LAN and does NAT to provide access to the Internet to the ... What iptables is doing is taking packets from the LAN, ...
    (comp.security.firewalls)
  • IPtables + VPN client -any help?
    ... Windows 2000 LAN MAchine ... # description: This script applies iptables. ... # Drop spoofed packets comeing in on an interface, ...
    (RedHat)
  • Re: Debian gateway problem
    ... the external interface of the gateway is fully accessible ... The problem is on the LAN side, I can access some sites but not all the ... Iptables rules are as follows ...
    (Debian-User)