[wplug] DNAT Headaches

Hagbard Celine hceline at softhome.net
Mon Jul 15 21:18:09 EDT 2002


I'm maintaining a small network here, and want to set up a globally-accessible
HTTP server.  Unfortunately, I'm encountering a problem...

The network (172.16.x.x) consists of three subnets (172.16.0.x, 172.16.1.x,
and 172.16.2.x).  172.16.1.x has the user workstations, 172.16.2.x has the box
where Apache lives (with more machines to come), and the gateways talk to each
other over 172.16.0.x.  The Internet gateway is 172.16.1.0/172.16.0.1.  I also
acquired a static IP for my dialup line.

All the machines need to talk to the Internet, so I already have SNAT in place,
thusly:

iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to 208.0.146.66

This works quite well.

I tried to DNAT to the Apache box in this manner:

iptables -t nat -A PREROUTING -p tcp --dport 80 -i ppp0 -j DNAT --to 172.16.2.2

I can connect to Apache via the private network, but attempts to connect via
the public address return 'connection refused' errors.

Am I missing a fine point somewhere, or am I guilty of some boneheaded error
(SNAT confusing DNAT, perhaps)?

Any help greatly appreciated,
Hagbard
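For readers following the setup above, here is an added example (not from the original post or its author) of the complete gateway ruleset a DNAT port-forward needs: the two NAT rules from the post plus the filter-table FORWARD rules that have to accept the packet after its destination has been rewritten. It assumes the FORWARD chain has a non-ACCEPT default policy and that the dialup interface is ppp0; DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumptions: ppp0 is the
# dialup (WAN) side, FORWARD policy is DROP/REJECT, 172.16.0.0/16 is the LAN.
WAN_IF="${WAN_IF:-ppp0}"
PUBLIC_IP="${PUBLIC_IP:-208.0.146.66}"   # static dialup address from the post
WEB_HOST="${WEB_HOST:-172.16.2.2}"       # Apache box from the post
LAN_NET="${LAN_NET:-172.16.0.0/16}"
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print rules, 0 = apply (root)

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

nat_rules() {
    # Outbound: rewrite the source of LAN traffic leaving ppp0 (as in the post).
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$PUBLIC_IP"
    # Inbound: rewrite the destination of port-80 traffic arriving on ppp0 (as in the post).
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_HOST"
}

forward_rules() {
    # nat/PREROUTING runs before the routing decision, so filter/FORWARD sees the
    # packet already addressed to WEB_HOST, not to PUBLIC_IP. Match on that.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_HOST" --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # LAN hosts may initiate connections towards the Internet.
    ipt -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -m conntrack --ctstate NEW -j ACCEPT
}

# Emits (or applies) the full ruleset: 2 NAT rules followed by 3 FORWARD rules.
ruleset() {
    nat_rules
    forward_rules
}
```

Run it as root with DRY_RUN=0 to apply; if the forward still fails, confirm with `ss -ltn` (or `netstat -ltn`) on the Apache host that httpd listens on 0.0.0.0:80 rather than only on localhost.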
