[Firewall] NAT Loopback, code review

Eli Wapniarski eli at orbsky.homelinux.org
Thu Oct 11 07:29:58 CEST 2012


Hi Lonnie

Yay... Thank you for all the work that you are putting into this. :)

The first custom-rule worked like a charm with http and https. I have not had a 
chance to test it with other services yet.

The second one worked with http, but not with https.

Thanks again.

Eli


On Thursday 11 October 2012 00:20:10 Lonnie Abelbeck wrote:
> Hi,
> 
> After further testing it seems the POSTROUTING rules are not necessary since
> the CONNTRACK is allowing the return path, so rewriting the return seems
> unnecessary.
> 
> Also, if the server is in another LAN it is unreachable (by default) unless
> a FORWARD hole is created.  This version adds a new variable
> NAT_LOOPBACK_FORWARD, if --
> NAT_LOOPBACK_FORWARD=1
> --
> the FORWARD rule to the server is created for all subnets in
> NAT_LOOPBACK_NET.
> 
> Attached is the latest version, with optional FORWARD rules added and
> commented out POSTROUTING rules.
> 
> Lonnie
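
The rule set Lonnie describes (DNAT in PREROUTING for clients in NAT_LOOPBACK_NET, an optional FORWARD hole controlled by NAT_LOOPBACK_FORWARD, and the POSTROUTING rewrite left commented out) can be sketched as a small rule generator. The script below is an added illustration written for this archive page, not the custom-rule file attached to Lonnie's mail or AstLinux's own rc.firewall. NAT_LOOPBACK_NET and NAT_LOOPBACK_FORWARD are the variable names from the thread; EXTIP, NAT_LOOPBACK_SERVER, NAT_LOOPBACK_PORTS and NAT_LOOPBACK_SNAT are assumed names chosen here. Setting IPTABLES=echo prints the rules instead of applying them, which is how the output can be inspected without root.

```shell
#!/bin/sh
# Added example: NAT loopback ("hairpin NAT") rule generator.
# Not the custom-rule file from the thread; variable names marked
# "assumed" are this example's own.
#
#   EXTIP                public (WAN) address clients connect to  (assumed)
#   NAT_LOOPBACK_SERVER  LAN address of the real server           (assumed)
#   NAT_LOOPBACK_PORTS   space-separated TCP ports                (assumed)
#   NAT_LOOPBACK_NET     space-separated client subnets           (from thread)
#   NAT_LOOPBACK_FORWARD 1 = add FORWARD rule to the server       (from thread)
#   NAT_LOOPBACK_SNAT    1 = also rewrite the source in POSTROUTING (assumed)
#
# IPTABLES=echo prints the rules instead of loading them.
IPTABLES="${IPTABLES:-iptables}"

nat_loopback_rules() {
  for net in $NAT_LOOPBACK_NET; do
    for port in $NAT_LOOPBACK_PORTS; do
      # Client in $net connects to the public address: rewrite the
      # destination to the LAN server. Conntrack un-DNATs the reply,
      # so no matching rule is needed for the return direction.
      $IPTABLES -t nat -A PREROUTING -s "$net" -d "$EXTIP" \
        -p tcp --dport "$port" -j DNAT --to-destination "$NAT_LOOPBACK_SERVER"

      if [ "$NAT_LOOPBACK_FORWARD" = "1" ]; then
        # Server in another LAN: FORWARD drops it by default, so open a
        # hole for new connections only; ESTABLISHED/RELATED is expected
        # to be accepted by the firewall's existing generic rule.
        $IPTABLES -A FORWARD -s "$net" -d "$NAT_LOOPBACK_SERVER" \
          -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
      fi

      if [ "$NAT_LOOPBACK_SNAT" = "1" ]; then
        # Optional source rewrite. Matters when client and server sit on
        # the same subnet: without it the server answers the client
        # directly from its LAN address, and the client, which sent to
        # EXTIP, discards that reply. Masquerading forces the reply back
        # through the firewall so conntrack can undo the DNAT.
        $IPTABLES -t nat -A POSTROUTING -s "$net" -d "$NAT_LOOPBACK_SERVER" \
          -p tcp --dport "$port" -j MASQUERADE
      fi
    done
  done
}

# Dry run with constructed values when executed directly:
#   IPTABLES=echo EXTIP=203.0.113.10 NAT_LOOPBACK_SERVER=192.168.1.20 \
#   NAT_LOOPBACK_PORTS="80 443" NAT_LOOPBACK_NET="192.168.1.0/24 192.168.2.0/24" \
#   NAT_LOOPBACK_FORWARD=1 NAT_LOOPBACK_SNAT=0 sh thisfile.sh
```

The PREROUTING rule is the only mandatory piece; the FORWARD rule is needed when the server's LAN is not already reachable from the client's LAN, and the POSTROUTING rule is the case Lonnie left commented out. If you later see one protocol succeed and another fail from the same client, comparing `conntrack -L` (or `/proc/net/nf_conntrack`) for the two connections shows whether the DNAT was applied and which path the reply took.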

