[Firewall] NAT Loopback, code review
eli at orbsky.homelinux.org
Thu Oct 11 19:03:50 CEST 2012
OK... Thanks for all that... understood. It's not really important that this
works from the AIF box anyway. :)
This is really great.... This is very very cool
On Thursday 11 October 2012 08:12:35 Lonnie Abelbeck wrote:
> OK, the NAT_POSTROUTING_CHAIN rules are back in, thanks.
> > K... found another issue. If I try to access internal http services from
> > the gateway itself I get connection refused messages.
> When you say this, are you on the AIF box itself and then trying to NAT via
> the External address? I don't think that will work.
> My bench test example:
> External IPv4 is 10.10.50.62
> NAT_LOOPBACK_NET and NAT_LOOPBACK_FORWARD not defined (default).
> $ curl http://10.10.50.62:12345
> works both outside to the external interface and from the internal
> interfaces, but when attempted from the AIF box itself it does not work
> because there is no PREROUTING call. I don't think that can be fixed.
> $ curl http://192.168.110.20:80
> still works from the AIF box, even though it gets SNAT'ed via POSTROUTING.
> For completeness, the 'current' version is enclosed, just uncommenting the
> NAT_POSTROUTING_CHAIN rules.