Enabling internal connections to transparently connect via external IP a

To:	"'netfilter@lists.netfilter.org'" <netfilter@lists.netfilter.org>
Subject:	Enabling internal connections to transparently connect via external IP address
From:	Chris Willis <chris@castellan.net>
Date:	Thu, 31 May 2007 13:17:12 -0700
Accept-language:	en-US
Acceptlanguage:	en-US
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Sender:	netfilter-bounces@lists.netfilter.org
Thread-index:	AcejwLJyh5i02KrnRQqI067LN679Vw==
Thread-topic:	Enabling internal connections to transparently connect via external IP address

Environment:
Windows XP laptop machine, part of domain acme.int, IP 192.168.1.150
Windows 2003 Server running Exchange 2003 (exchange.acme.int, 192.168.1.10)
External Domain: acme.com (T1 line, firewall external IP & MX record 
mail.acme.com 60.60.60.60)
Firewall: PC running Fedora Core 6, IPTables, using FWBuilder to create a 
ruleset, 2 NICs (eth0 192.168.1.1, eth1 60.60.60.60)

Problem: when a laptop user (works in office and remotely) goes to 
https://mail.acme.com, it works fine from the outside, but not from the inside.

Goal: when an internal (192.168.1.X) client goes to https://mail.acme.com, the 
firewall should accept the packets, route them to the exchange box, and then 
route return packets back to the client.

This works just fine on a netscreen firewall I tested with at the client site 
(same IP addresses as  linux box above).



Chris Willis

<Prev in Thread]	Current Thread	[Next in Thread>
Enabling internal connections to transparently connect via external IP address, Chris Willis <= Re: Enabling internal connections to transparently connect via external IP address, Robby Workman

Previous by Date:	RE: syn DDoS attack solution, Ric Messier
Next by Date:	Re: Two NICs, same network..., semi linux
Previous by Thread:	syn DDoS attack solution, Bgs
Next by Thread:	Re: Enabling internal connections to transparently connect via external IP address, Robby Workman
Indexes:	[Date] [Thread] [Top] [All Lists]