Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [NETVAERK] Problems with iptables and port forwarding



On 7/4/07, Henrik Stoerner <sslug@sslug> wrote:
In <sslug@sslug> "Allan W. Nielsen" <sslug@sslug> writes:

>The machine has 2 network cards, one with the IP 192.168.9.3 and another with the IP
>192.168.10.14. I would like it so that when a computer on the subnet
>192.168.10.0/24 opens a browser and goes to the address
>http://192.168.10.14, he/she sees what is at http://192.168.9.4

As I wrote to you earlier, that cannot be done.
When source and destination are on the same IP subnet, the traffic goes
directly between the two machines - that is, directly from 192.168.10.x
to 192.168.10.14. Bypassing your firewall. And then of course it is of
no use that you have set up port forwarding on the firewall.

As I understand the description:

    server: 192.168.9.4
       |
       | (NET1 : 192.168.9.0/24)
       |
    FW eth0: 192.168.9.3
    FW eth1: 192.168.10.14
       |
       | (NET2 : 92.168.10.0/24)
       |
    client: 192.168.10.XX

The client makes a request to http://192.168.10.14
iptables forwards port 80 from 192.168.10.14 to 192.168.9.4

If that isn't classic port forwarding, then I don't know what is.
192.168.9.0/24 and 192.168.10.0/24 are NOT on the same subnet.

# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.9.4

Allan, try with only that rule, and then build up your firewall from there
until it stops working. Then you will find out why your original
firewall failed.

-Doc
--
No trees were killed in the sending of this message
However, a large number of electrons were terribly inconvenienced.
Join the Revolution: 09f911029d74e35bd84156c5635688c0
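
Added example (not part of the original post or of anyone's firewall in the thread): a POSIX shell check in the spirit of the advice above to start from the single DNAT rule and build up. It reads `iptables-save` text and reports which pieces that rule depends on are absent. The function name `check_portfwd`, the sample dump and its FORWARD policy are constructed assumptions; the thread does not show the original rule set.

```shell
#!/bin/sh
# Added example: checks what the thread's single DNAT rule depends on.
# Heuristic only: it does not evaluate rule order inside the FORWARD chain.

# usage: check_portfwd RULES IP_FORWARD IN_IF DPORT DEST
#   RULES       text in iptables-save format
#   IP_FORWARD  contents of /proc/sys/net/ipv4/ip_forward
# Prints one line per missing piece; returns 0 only when nothing is missing.
check_portfwd() {
    rules=$1; ip_forward=$2; in_if=$3; dport=$4; dest=$5
    table=""; dnat=no; fwd=no
    while IFS= read -r line; do
        case "$line" in
            \**) table=${line#\*} ;;   # "*nat", "*filter": start of a table
        esac
        case "$table:$line" in
            nat:"-A PREROUTING "*"-i $in_if "*"--dport $dport "*"-j DNAT --to-destination $dest" | \
            nat:"-A PREROUTING "*"-i $in_if "*"--dport $dport "*"-j DNAT --to-destination $dest:"*)
                dnat=yes ;;            # the rule from the thread, with or without :port
            filter:":FORWARD ACCEPT"*)
                fwd=yes ;;             # chain policy lets forwarded packets through
            filter:"-A FORWARD "*"-d $dest/32 "*"--dport $dport "*"-j ACCEPT"*)
                fwd=yes ;;             # explicit allow for the rewritten destination
        esac
    done <<EOF
$rules
EOF
    rc=0
    [ "$dnat" = yes ] || { echo "missing: nat PREROUTING DNAT $in_if:$dport -> $dest"; rc=1; }
    [ "$fwd" = yes ] || { echo "missing: filter FORWARD does not accept $dest:$dport"; rc=1; }
    [ "$ip_forward" = 1 ] || { echo "missing: net.ipv4.ip_forward is not 1"; rc=1; }
    return $rc
}

# Constructed sample (not from the thread): the DNAT rule is present,
# but the filter table drops all forwarded traffic.
SAMPLE_BROKEN='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.9.4
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

check_portfwd "$SAMPLE_BROKEN" 1 eth1 80 192.168.9.4 || true
```

On a live firewall the two inputs would be the output of `iptables-save` and the contents of `/proc/sys/net/ipv4/ip_forward`, both read as root.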

Questions about the web-pages to <www_admin>. Last modified 2007-07-15, 00:01 CEST
This page is maintained by MHonArc