Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [NETVAERK] Iptables in OpenWRT, works from public IP, but not from internal IP



On Sat, 25 Mar 2006 18:36:25 +0100
Christoffer Kjølbæk <sslug@sslug> wrote:

> Hi,
> 
> I have just installed OpenWRT on my Linksys router, and now have
> problems with iptables. I would like to route ports 80 and 443 to
> another computer, and have put this in /etc/firewall.user:
> 
> WAN=$(nvram get wan_ifname)
> LAN=$(nvram get lan_ifname)
> MYTHBOX="192.168.1.2"
> 
> .... snipped ....
> 
> iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j DNAT --to $MYTHBOX
> iptables        -A forwarding_rule -i $WAN -p tcp --dport 80 -d $MYTHBOX -j ACCEPT
> iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 443 -j DNAT --to $MYTHBOX
> iptables        -A forwarding_rule -i $WAN -p tcp --dport 443 -d $MYTHBOX -j ACCEPT
> 
> This works really well, but only from outside. It says in
> firewall.user that -i $WAN means it only works from outside, so that
> is not so strange.
> 
> The problem is just that I can't quite figure out how to get it to
> work from inside. I have tried removing -i $WAN in the belief that it
> would work for all interfaces, but then nothing works.
> 
> I have a bit of an idea that one could perhaps filter on my public
> IP, but I don't know whether that would help, or how it would be
> done.
> 

My immediate guess is that you will be able to fix the problem with a
postrouting rule along the lines of:

iptables -t nat -A POSTROUTING -d YOUR_EXTERNAL_IP -s YOUR_WAN_NET -p tcp --dport 80 -j SNAT --to YOUR_LINKSYS_ROUTER_IP

And likewise for port 443.

The problem is that when you send a request to your web server from
your LAN system, which goes out to your router in order to be sent back
to your web server, the reply goes directly from your web server to
your LAN client (which is expecting a reply from your router instead).

By making a postrouting rule, you get the request to be sent back via
your Linksys router.

Regards
Jesper K. Pedersen
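
The NAT loopback setup discussed in this thread, as an added example that is not part of the original messages: it prints, rather than applies, three rules per forwarded port, and matches the POSTROUTING rule on the web server's LAN address because DNAT has already rewritten the destination by that point. The function name hairpin_rules is hypothetical, and the WAN address, LAN range and router address in the usage comment are constructed sample values.

```shell
#!/bin/sh
# Added example: prints (does not apply) NAT-loopback rules for a port forward.
# All addresses in the usage comment are constructed sample values except
# 192.168.1.2, which is MYTHBOX from the quoted firewall.user.

# hairpin_rules WAN_IP LAN_NET ROUTER_LAN_IP SERVER_IP PORT...
hairpin_rules() {
    if [ "$#" -lt 5 ]; then
        echo "usage: hairpin_rules WAN_IP LAN_NET ROUTER_LAN_IP SERVER_IP PORT..." >&2
        return 2
    fi
    wan_ip=$1; lan_net=$2; router_ip=$3; server=$4
    shift 4
    for port in "$@"; do
        # Reject anything that is not a TCP port number in 1..65535.
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        # 1. LAN clients address the public IP, so match on the destination
        #    address instead of on the incoming interface.
        echo "iptables -t nat -A prerouting_rule -s $lan_net -d $wan_ip -p tcp --dport $port -j DNAT --to-destination $server"
        # 2. Let the redirected connection through the forwarding chain.
        echo "iptables -A forwarding_rule -s $lan_net -d $server -p tcp --dport $port -j ACCEPT"
        # 3. In POSTROUTING the destination is already the server's LAN
        #    address; rewrite the source so replies return via the router.
        echo "iptables -t nat -A POSTROUTING -s $lan_net -d $server -p tcp --dport $port -j SNAT --to-source $router_ip"
    done
}

# Print the rules for review when run directly with arguments, e.g.:
#   sh hairpin.sh 203.0.113.10 192.168.1.0/24 192.168.1.1 192.168.1.2 80 443
if [ "$#" -gt 0 ]; then
    hairpin_rules "$@"
fi
```

With rule 3 in place, the web server logs the router's LAN address as the client for every connection that originates on the LAN.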


 
Questions about the web-pages to <www_admin>. Last modified 2006-04-01, 02:01 CEST