[NTLUG:Discuss] can anyone explain it for me?

Cameron Moore lists at unbeatenpath.net
Wed May 29 14:32:11 CDT 2002


* llliiilll at hotmail.com (m m) [2002.05.29 13:52]:
> hi all:
> 
> I have a network like this.
> 
> internet
>  |
> (eth0)1.2.3.4
> ------------
> |          |  running dnscache on 127.0.0.1
> | firewall |  running dnscachex on 192.168.1.1
> |          |  running tinydns on 1.2.3.4
> ------------
> (eth1)192.168.1.1
>  |
> ------------------
> | network switch |
> ------------------
>  |
>  |__ 192.168.1.2
> 
> 
> firewall rules:
> 
> iptables -t nat -A PREROUTING -p tcp -d $1.2.3.4:8080 --dport http -j DNAT 
> --to 192.268.1.1:80
> iptables -t nat -A PREROUTING -p tcp -d $1.2.3.4:8081 --dport http -j DNAT 
> --to 192.268.1.2:80

Why does your destination address start with a "$"?

> Q1:
> After a packet arrives at 192.168.1.1 port 80, what does the web server at
> 192.168.1.1 see?
> Does the web server see the packet as coming from 1.2.3.4:8080 or 192.168.1.1:80?
> Or both?

Apache (I assume) should be configured to listen to 192.168.1.1, and
would then see incoming traffic on that IP.  NAT should only rewrite the
destination address, not the source address, so the source address will
be the IP of the remote host.

> Q2:
> After a packet arrives at 192.168.1.2 port 80, what does the web server at
> 192.168.1.2 see?
> Does the web server see the packet as coming from 1.2.3.4:8081 or 192.168.1.1:80?
> Or 192.168.1.2:80, or all of them?

The packet should leave eth1 (192.168.1.1) of the firewall and hit
192.168.1.2, but the source address in the packet should not be altered.
It should see it coming from the remote IP of the web surfer.

> How do I set up the web server at 192.168.1.2 so it can be surfed from the internet?

About the same way you have it drawn up, I think.
-- 
Cameron Moore
[ How can there be self-help "groups"? ]
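
An added example, not part of the original thread: one way to write the two port forwards for the network in the diagram so that only the destination is rewritten, as the reply describes. It assumes external port 8080 should reach 192.168.1.1:80 and 8081 should reach 192.168.1.2:80, that eth0 faces the Internet and eth1 the LAN, and that the `state` match is available; the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed mapping:
#   1.2.3.4:8080 -> 192.168.1.1:80   and   1.2.3.4:8081 -> 192.168.1.2:80
EXT_IF=eth0
INT_IF=eth1
EXT_IP=1.2.3.4

# Print the DNAT rule for one forward. Only the destination address/port is
# rewritten; no SNAT or MASQUERADE rule is added, so the web server still
# sees the remote client's own IP as the source.
dnat_rule() {  # args: ext_port int_ip int_port
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport $1 -j DNAT --to-destination $2:$3"
}

# Print the filter rule that lets the rewritten packet reach a LAN host.
# FORWARD is evaluated after PREROUTING, so it matches the internal address.
forward_rule() {  # args: int_ip int_port
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $1 --dport $2 -j ACCEPT"
}

ruleset() {
    # Replies are un-NATed by connection tracking; they only need to pass FORWARD.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    dnat_rule 8080 192.168.1.1 80   # firewall's own address: delivered via INPUT
    dnat_rule 8081 192.168.1.2 80   # LAN host: routed out eth1 via FORWARD
    forward_rule 192.168.1.2 80
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to install them.
if [ "${APPLY:-0}" = "1" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ruleset | while read -r rule; do $rule; done
else
    ruleset
fi
```

To confirm what the web server sees, watch the LAN side with `tcpdump -n -i eth1 host 192.168.1.2 and tcp port 80`: the source of each incoming packet is the remote client, and the destination is 192.168.1.2:80.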



