Re: iptables - internal addresses cannot see external interface

From: David Efflandt (efflandt@xnet.com)
Date: 01/27/02


From: efflandt@xnet.com (David Efflandt)
Date: Sun, 27 Jan 2002 03:20:33 +0000 (UTC)

On 26 Jan 2002 13:36:51 -0800, Brad Fears <ddgenius@linuxmail.org> wrote:
> After viewing several tutorials, I've managed to kludge the attached
> iptables script together, and everything seems to be working so far,
> except my internal machines cannot access the external nic on the
> server facing the internet. I'm running a web server on it, and
> everyone else can see it, ssh to it, etc., but I can't from my
> internal boxes. I have to believe that something is just missing from
> the script to enable this...any help is appreciated, and any
> constructive criticism is welcome. Thanks in advance.

Outside connections that appear to be from inside (whether they
really are or not) are usually dropped to prevent IP spoofing.

It is probably easiest to simply set up DNS (or /etc/hosts or
\windows\hosts) on the client to point to your LAN IP instead of external
IP.

Internet clients would still be able to find your outside connection from
any internet DNS hostname or IP.

-- 
David Efflandt - All spam is ignored - http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/


