Forums.ATC.no

Technical => General technical => Topic started by: ATC on 27 September 2008, 18:24 pm

Title: Linux: DNAT does not work for clients inside the NAT router
Written by: ATC, 27 September 2008, 18:24 pm
A private network 10.0.0.0/24 was set up with a web server and a Windows client. The NAT router was configured with a DNAT rule to allow external clients to reach the web server via the public IP address.

iptables -A POSTROUTING -t nat -s 10.0.0.0/24 -o eth0 -j MASQUERADE
iptables -A PREROUTING -d ${ME} -t nat -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 10.0.0.234:80

This configuration worked as expected, with one exception: the Windows client on the inside could not communicate with the web server via the public IP address.

Title: [Solved] Linux: DNAT does not work for clients inside the NAT router
Written by: ATC, 27 September 2008, 18:24 pm
The web server was trying to send reply packets directly to the client, using the private IP addresses.

Changed

iptables -A POSTROUTING -t nat -s 10.0.0.0/24 -o eth0 -j MASQUERADE

to read

iptables -A POSTROUTING -t nat -s 10.0.0.0/24 -j MASQUERADE

thus masquerading all traffic from 10.0.0.0/24, even traffic going back to that network. This is necessary for DNAT to work for clients on the inside :-)
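The packet flow behind this fix, as an added Python model that is not part of the original post: it walks one hairpin request through DNAT and MASQUERADE with and without the `-o eth0` restriction and shows why the reply only reaches the client in the second case. The public IP 203.0.113.10 (standing in for ${ME}), the router's LAN address 10.0.0.1 and the client 10.0.0.5 are constructed values.

```python
from dataclasses import dataclass, replace

# Constructed addresses; the documentation-range 203.0.113.10 stands in for ${ME}.
PUBLIC_IP, ROUTER_LAN = "203.0.113.10", "10.0.0.1"
SERVER, CLIENT = "10.0.0.234", "10.0.0.5"

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int

def in_lan(ip):
    return ip.startswith("10.0.0.")

def router_forward(pkt, conntrack, masquerade_lan):
    """PREROUTING DNAT to the server, then POSTROUTING MASQUERADE.

    masquerade_lan=False models the original '-o eth0' rule, which only
    rewrites the source of packets leaving on the WAN interface."""
    out = pkt
    if pkt.dst == PUBLIC_IP and pkt.dport == 80:
        out = replace(out, dst=SERVER)           # DNAT --to 10.0.0.234:80
    if in_lan(out.src) and (masquerade_lan or not in_lan(out.dst)):
        out = replace(out, src=ROUTER_LAN if in_lan(out.dst) else PUBLIC_IP)
    conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt  # reply lookup key
    return out

def router_reverse(reply, conntrack):
    """Undo the translation for a reply that matches a conntrack entry."""
    orig = conntrack.get((reply.src, reply.sport, reply.dst, reply.dport))
    if orig is None:
        return None
    return Pkt(orig.dst, orig.src, orig.dport, orig.sport)

def hairpin_request(masquerade_lan):
    """Client inside the LAN connects to PUBLIC_IP:80. Returns the reply the
    client's TCP stack would accept, or None when it would be rejected."""
    ct = {}
    fwd = router_forward(Pkt(CLIENT, PUBLIC_IP, 40000, 80), ct, masquerade_lan)
    reply = Pkt(fwd.dst, fwd.src, fwd.dport, fwd.sport)  # server answers the src it saw
    if reply.dst == ROUTER_LAN:              # only then does the reply traverse the router
        reply = router_reverse(reply, ct)
    # the client expects the answer from PUBLIC_IP; a reply sent directly from
    # 10.0.0.234 matches no socket on the client and is dropped or reset
    if reply and reply.src == PUBLIC_IP and reply.dst == CLIENT:
        return reply
    return None
```

With `masquerade_lan=False` the server answers 10.0.0.5 directly and the client discards it; with `masquerade_lan=True` the reply is addressed to the router, which restores 203.0.113.10 as the source.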