Mailing List Archive

Firewall Issues
Hi all,
I have an issue with my linux iptables firewall and cannot figure out what
to do.
I will make this as short and sweet as I can.
My Network is setup as follows:
Static IP: 24.106.xxx.xx
Firewall IP ETH1:(Static points to this) 172.24.xxx.xx
All my servers are ETH0: 192.168.0.xx
I have 2 game servers, 1 mail server and a web server.
My problem is I cannot see my websites, or join game servers unless I put
this firewall rule in:
iptables -A PREROUTING -d 24.xxx.xxx.xx -i eth0 -j DNAT --to-destination 192.xxx.x.35
(192.xxx.x.35 being my web server IP Address)
With this rule I can from the inside of my network go to my website via
www.xxx.com but cannot join any of my game servers unless I change the above
rule to the game server IP.

Can anyone help me on this?

Thanks in advance,
Mike
RE: Firewall Issues
Mike,

You may also need to put an entry on the output in the NAT table as
well. Here is what I have had to do in the past, to make things work.
Please note that many people noted that this isn't necessary, and
recommend using split DNS instead. But for some of the small offices I
have setup, split DNS really wasn't an option.

Here is a sample.

# nat table, iptables-save format
# Publish the internal server on the public address (all protocols/ports).
-A PREROUTING -d 216.x.x.x -j DNAT --to-destination 10.94.17.2
# Outbound traffic from that server leaves with the public address.
-A POSTROUTING -s 10.94.17.2 -o eth0 -j SNAT --to-source 216.x.x.x
# We had to add this to it so people on the local subnet would be able
# to see the servers as if they are external.
-A POSTROUTING -s 10.94.17.0/255.255.255.0 -d 10.94.17.2 -o eth0 -j SNAT --to-source 216.x.x.x
# General outbound NAT; ipv6-crypt is the /etc/protocols name for ESP
# (protocol 50). "-p ! proto" is the old negation syntax, written
# "! -p esp" in current iptables.
-A POSTROUTING -o eth0 -p ! ipv6-crypt -j SNAT --to-source 216.x.x.x

Now, in your case, the 192.168 is on a different range than the 172.24, so it
should have worked for you to begin with but you might need to do
something like we've done above.

HTH,

Gary

> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-
> bounces@lists.netfilter.org] On Behalf Of Mike
> Sent: Tuesday, August 21, 2007 5:05 AM
> To: netfilter@lists.netfilter.org
> Subject: Firewall Issues
>
> Hi all,
> I have an issue with my linux iptables firewall and cannot figure out
> what
> to do.
> I will make this as short and sweet as I can.
> My Network is setup as follows:
> Static IP: 24.106.xxx.xx
> Firewall IP ETH1:(Static points to this) 172.24.xxx.xx
> All my servers are ETH0: 192.168.0.xx
> I have 2 game servers, 1 mail server and a web server.
> My problem is I cannot see my websites, or join game servers unless I
> put
> this firewall rule in: iptables -A PREROUTING -d 24.xxx.xxx.xx -i eth0
> -j
> DNAT --to-destination 192.xxx.x.35 (192.xxx.x.35 being my web server
> IP
> Address)
> With this rule I can from the inside of my network go to my website
> via
> www.xxx.com but cannot join any of my game servers unless I change the
> above
> rule to the game server IP.
>
> Can anyone help me on this?
>
> Thanks in advance,
> Mike
>
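The hairpin (NAT loopback) setup Gary describes, generalized to several servers sharing one public IP by port, as an added example that is not from either poster. It generates an iptables-restore nat table rather than running iptables directly; all addresses, interface names and port mappings are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore "nat"
# table that publishes several internal servers behind one public IP and
# adds the hairpin (NAT loopback) SNAT so LAN clients can reach them via
# that public IP too. Addresses, interface names and port mappings are
# constructed placeholders; adjust them to your network.
PUB_IP="203.0.113.10"      # public address the DNS names resolve to
WAN_IF="eth1"              # interface towards the ISP
LAN_IF="eth0"              # interface towards the servers and LAN clients
LAN_NET="192.168.0.0/24"   # internal subnet
LAN_GW="192.168.0.1"       # firewall's own address on LAN_IF
# One mapping per line: proto port internal_server
MAPPINGS="tcp 80 192.168.0.35
tcp 25 192.168.0.36
udp 27015 192.168.0.40"

# nat_rules: print the complete table (pipe it into iptables-restore).
nat_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "$MAPPINGS" | while read -r proto port dst; do
        [ -z "$proto" ] && continue
        # Port-based DNAT lets every server share the single public IP; it
        # matches packets from the Internet and from the LAN alike.
        echo "-A PREROUTING -d $PUB_IP -p $proto --dport $port -j DNAT --to-destination $dst:$port"
        # Hairpin case: a LAN client's packet was just DNATed to a server on
        # the same subnet. Rewrite its source to the firewall so the server
        # replies through the firewall (conntrack undoes both translations);
        # otherwise the reply arrives from the server's real address, which
        # the client never connected to, and is rejected.
        echo "-A POSTROUTING -o $LAN_IF -s $LAN_NET -d $dst -p $proto --dport $port -j SNAT --to-source $LAN_GW"
    done
    # Ordinary outbound NAT for everything leaving via the WAN link.
    echo "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $PUB_IP"
    echo "COMMIT"
}

# count_rules: number of -A lines emitted, a quick sanity check.
count_rules() { nat_rules | grep -c '^-A'; }

if [ "${1:-}" = "--apply" ]; then
    nat_rules | iptables-restore
else
    nat_rules
fi
```

Because of the hairpin SNAT the servers log every LAN-originated connection as coming from the firewall's address, which is the usual reason split DNS is preferred when it is available.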