[Firewall] NAT Loopback, code review

Eli Wapniarski eli at orbsky.homelinux.org
Thu Oct 11 19:03:50 CEST 2012


OK... Thanks for all that... understood. It's not really important that this
works from the AIF box anyway. :)

This is really great.... This is very very cool

Eli


On Thursday 11 October 2012 08:12:35 Lonnie Abelbeck wrote:
> Eli,
> 
> OK, the NAT_POSTROUTING_CHAIN rules are back in, thanks.
> 
> > K... found another issue. If I try to access internal http services from
> > the gateway itself I get connection refused messages.
> When you say this, are you on the AIF box itself and then trying to NAT via
> the External address?  I don't think that will work.
> 
> My bench test example:
> 
> External IPv4 is 10.10.50.62
> 
> NAT_FORWARD_TCP="0/0~12345>192.168.110.20~80"
> 
> NAT_LOOPBACK_NET and NAT_LOOPBACK_FORWARD not defined (default).
> 
> $ curl http://10.10.50.62:12345
> 
> works both outside to the external interface and from the internal
> interfaces, but when attempted from the AIF box itself it does not work
> because there is no PREROUTING call.  I don't think that can be fixed.
> 
> $ curl http://192.168.110.20:80
> 
> still works from the AIF box, even though it gets SNAT'ed via POSTROUTING.
> 
> For completeness, the 'current' version is enclosed, just uncommenting the
> NAT_POSTROUTING_CHAIN rules.
> 
> Lonnie

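The hairpin NAT setup Lonnie's bench test describes, as an added example that is not part of this thread and not AIF's own code: a POSIX shell function that parses an AIF-style NAT_FORWARD_TCP entry ("src~extport>dstip~dstport") and prints the iptables rules for the DNAT in PREROUTING, the loopback DNAT for LAN clients, and the POSTROUTING SNAT. The external address 10.10.50.62 and the forward spec come from the bench test; the interface name eth0 and the LAN subnet 192.168.110.0/24 are assumptions. Rules are printed rather than applied, so the script runs without root; the comments explain which netfilter chains a locally generated packet does and does not traverse, which is the behaviour observed in the thread.

```shell
#!/bin/sh
# Added example, not AIF's code. Parses one NAT_FORWARD_TCP entry and prints the
# iptables rules implementing the NAT loopback described in the thread.

EXT_IF="eth0"               # assumed external interface name
EXT_IP="10.10.50.62"        # external IPv4 from the bench test
LAN_NET="192.168.110.0/24"  # assumed internal subnet holding the DNAT target

# nat_loopback_rules SPEC
#   SPEC is "srcnet~extport>dstip~dstport", e.g. "0/0~12345>192.168.110.20~80".
nat_loopback_rules() {
    spec="$1"
    src=${spec%%~*}          # "0/0"
    rest=${spec#*~}          # "12345>192.168.110.20~80"
    extport=${rest%%>*}      # "12345"
    target=${rest#*>}        # "192.168.110.20~80"
    dstip=${target%%~*}      # "192.168.110.20"
    dstport=${target#*~}     # "80"
    [ "$src" = "0/0" ] && src="0.0.0.0/0"

    # 1. Inbound DNAT. The nat PREROUTING chain is traversed only by packets
    #    that arrive on an interface; packets the firewall generates itself go
    #    through the nat OUTPUT chain instead, so "curl http://EXT_IP:extport"
    #    run on the box never hits this rule and the connection is refused.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -s $src -p tcp --dport $extport -j DNAT --to-destination $dstip:$dstport"

    # 2. Loopback DNAT: LAN clients that use the external address get the same
    #    rewrite (this is what makes the external URL work from inside).
    echo "iptables -t nat -A PREROUTING ! -i $EXT_IF -s $LAN_NET -d $EXT_IP -p tcp --dport $extport -j DNAT --to-destination $dstip:$dstport"

    # 3. Hairpin SNAT. Without it the server would answer the LAN client
    #    directly, bypassing the firewall, and the client would drop the reply.
    #    POSTROUTING is also traversed by locally generated packets, which is
    #    why a direct curl to dstip:dstport from the box still gets SNAT'ed.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $dstip -p tcp --dport $dstport -j MASQUERADE"

    # 4. Allow the forwarded flow in the filter table; keep this narrow
    #    (one target, one port) rather than opening FORWARD wholesale.
    echo "iptables -A FORWARD -d $dstip -p tcp --dport $dstport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Bench-test entry from the thread; review the output, then apply as root with
#   nat_loopback_rules "0/0~12345>192.168.110.20~80" | sh
nat_loopback_rules "0/0~12345>192.168.110.20~80"
```

Rules 2 and 3 are what distinguish NAT loopback from a plain port forward; if either is missing, the external URL works from outside but not from the LAN, which is a quick way to check that both halves are present when reviewing a generated rule set.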


