Wednesday, 4 March 2015

NAT External IP to local server using iptables


I have an ADSL connection with a static IP (let's say 1.1.1.1). My Debian firewall connects to the Internet with PPP and the IP is assigned to the firewall directly:

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:1.1.1.1  P-t-P:<IP-DOES-NOT-MATTER>  Mask:255.255.255.255


I am using Debian as a firewall/router and NAT my local clients to the Internet using a basic iptables script:

    iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth1 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward


I created a subdomain record for my externally hosted domain:

    sub.example.com IN A 1.1.1.1


I can DNAT HTTP connections from the Internet to my local server with iptables:

    iptables --table nat --append PREROUTING -i ppp0 --dest 1.1.1.1 -p tcp --dport 80 -j DNAT --to 192.168.1.101:80


I also want my local clients to reach sub.example.com without any additional configuration.


The iptables commands I tried on the firewall (that did not work):

    iptables --table nat --append PREROUTING --in-interface eth1 --dest 1.1.1.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.101:80

and

    iptables -t nat --append OUTPUT --dest 1.1.1.1 -p tcp --dport 80 -j DNAT --to-dest 192.168.1.101


The first command routed packets to the server but I did not get a reply (1.1.1.1 is not configured on the server). The second one did nothing.


Is there a way to accomplish this with iptables?
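The pattern the question is after is usually called hairpin NAT (or NAT loopback). The first attempt above fails for a predictable reason: after the PREROUTING DNAT the packet reaches 192.168.1.101 with the client's own LAN source address, so the server answers the client directly on the LAN, bypassing the firewall; the client then receives a reply from 192.168.1.101 instead of 1.1.1.1 and discards it. Masquerading the hairpinned connection on the LAN side forces the reply back through the firewall, where conntrack un-DNATs it. The OUTPUT rule in the second attempt only affects traffic generated on the firewall itself, which is why it had no visible effect for LAN clients. The script below is an added example, not code from the original post; the interface names, addresses and port are parameters whose defaults are the values from the question, and LAN_NET (192.168.1.0/24) is an assumption.

```shell
#!/bin/sh
# Hairpin NAT for a DNAT'd service, as an added illustration of the fix.
# Defaults are taken from the question; LAN_NET is assumed (not in the post).
WAN_IF=${WAN_IF:-ppp0}             # interface holding the public address
LAN_IF=${LAN_IF:-eth1}             # interface facing the LAN clients
WAN_IP=${WAN_IP:-1.1.1.1}          # public address that sub.example.com resolves to
LAN_NET=${LAN_NET:-192.168.1.0/24} # assumed LAN prefix
SERVER=${SERVER:-192.168.1.101}    # internal web server
PORT=${PORT:-80}

# Emit the rule set, one iptables command per line, without running anything.
# Rule order matters: both DNAT rules rewrite the destination, the MASQUERADE
# rule only fires for LAN->LAN traffic that was just DNAT'd to the server,
# and the FORWARD rules admit exactly that flow plus the Internet->server one.
hairpin_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT
iptables -t nat -A PREROUTING -i $LAN_IF -d $WAN_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT
iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $SERVER -p tcp --dport $PORT -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -d $SERVER -p tcp --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER -p tcp --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of rules in the set (handy for a sanity check before applying).
hairpin_rule_count() {
    hairpin_rules | wc -l | tr -d ' '
}

# Apply the rules (requires root). With DRY_RUN=1 the rules are only printed.
apply_hairpin() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        hairpin_rules
    else
        hairpin_rules | sh -e
    fi
}

case "${1:-show}" in
    apply) apply_hairpin ;;   # ./hairpin.sh apply   (as root)
    *)     hairpin_rules ;;   # ./hairpin.sh         prints the rule set
esac
```

Running the script without arguments prints the rules so they can be reviewed; `apply` executes them. The price of the MASQUERADE rule is that the server's access log shows the firewall's LAN address for hairpinned clients rather than the real client, because the source was rewritten; a split-horizon DNS entry that resolves sub.example.com to 192.168.1.101 inside the LAN avoids NAT entirely and keeps the client addresses intact, at the cost of the "no additional configuration" wish in the question. The existing `FORWARD --in-interface eth1 -j ACCEPT` rule from the question already admits LAN-originated traffic, so the first FORWARD rule above is redundant with it but is kept so the script documents the complete flow.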


